Modern Linux malware was recently disclosed by a user who published its details on the Full Disclosure mailing list.
“The anonymous poster, who runs a web service, found the rootkit on company servers after customers said they were redirected to malicious sites,”
writes SC Magazine’s Danielle Walker.
A browser fetching a website serviced by the compromised system will be quietly directed via an HTML iframe to malicious sites loaded with malware to attack the web visitor’s machine.
“The firm, looking at the tools, techniques and procedures employed and some background information it could not disclose, suggested the creator of the rootkit was likely to be Russian,” writes TechWeekEurope’s Tom Brewster.