VB Migration

Tag: mayhem

  • Ebury and Mayhem server malware families still active

    Whether it is to send spam or to redirect web traffic to malicious payloads, compromised ( Linux ) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ ( pdf ) was…

  • Ebury and Mayhem server malware families still active

    Whether it is to send spam or to redirect web traffic to malicious payloads, compromised ( Linux ) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ ( pdf ) was…

  • Shellshock used to spread Mayhem

    Malware switched to more effective Perl installer. One of the most prominent discussion topics during VB2014 was the ‘Shellshock’ vulnerability (CVE-2014-6271) in the popular Bash shell for *nix, which was publicly disclosed while the conference was going on in Seattle. The name ‘Shellshock’ started as a joke on Twitter. Considered at least as serious as…

  • Paper: Mayhem – a hidden threat for *nix web servers

    New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system. One of the main trends in malware in recent years is a sudden focus on malware targeting Linux and Unix (web) servers. By targeting these servers, malware authors not only make user of far…