
Cdorked

Posted: February 21, 2020

Cdorked is a backdoor Trojan that targets Linux web servers running Apache. Its most notable property is stealth: it runs almost filelessly, keeping its configuration and modules in the server's memory rather than on disk. The only identifiable file that can be linked to the Cdorked backdoor is 'httpd', a trojanized build of the Apache web server executable that replaces the legitimate one. The malware was first spotted in 2013, which was also its most active period: it was found on hundreds of web servers, all of which redirected selected visitors to attacker-controlled websites hosting harmful content such as exploit kits.

Once Cdorked has infected a host, the attacker can change its configuration by sending specially crafted HTTP requests to the server. The backdoor handles these requests itself and the Apache web server does not log them, so the access log is not a reliable place to look for the attacker's activity. The Cdorked backdoor is clearly an advanced project in terms of stealth: its authors took a broad range of measures to leave minimal traces on the compromised host, and its activity is hard to spot unless the httpd binary's integrity is deliberately checked and the server's memory inspected, either by hand or by security software that does so.
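The two traits above (the only on-disk artifact is a replaced httpd binary; the configuration lives in memory, and the control requests never reach the access log) suggest where a host-side check has to look. The script below is an added example written for this article; it is not ESET's tooling and not code from the original page. It hashes the httpd binary against a known-good value and parses `ipcs -m` output for unusual System V shared-memory segments owned by the web-server user. The baseline hash, the `ipcs` output and the web-server user name are constructed sample data, and the 4 MiB size threshold is an assumption rather than a documented indicator.

```python
"""Host-side triage for a Cdorked-style Apache backdoor (added example).

Signals used:
  1. the only on-disk artifact is a modified httpd binary, so hash the
     binary and compare it with a known-good value from the package;
  2. the configuration lives in memory rather than on disk, so list the
     System V shared-memory segments (ipcs -m) and flag unusual ones owned
     by the web-server user.
The baseline hash, the ipcs output and the web-server user name below are
CONSTRUCTED sample data; the 4 MiB size threshold is an assumption.
"""
from __future__ import annotations

import hashlib
import re


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def httpd_matches_baseline(httpd_bytes: bytes, baseline_hashes: set[str]) -> bool:
    """True if the binary's SHA-256 is one of the known-good package hashes.
    On a real host the baseline comes from rpm -V / debsums or a golden image."""
    return sha256_hex(httpd_bytes) in baseline_hashes


# One data row of `ipcs -m`: key shmid owner perms bytes nattch [status]
_IPCS_ROW = re.compile(
    r"^(?P<key>0x[0-9a-fA-F]+)\s+(?P<shmid>\d+)\s+(?P<owner>\S+)\s+"
    r"(?P<perms>[0-7]+)\s+(?P<bytes>\d+)\s+(?P<nattch>\d+)"
)


def parse_ipcs(ipcs_text: str) -> list[dict]:
    """Parse the data rows of `ipcs -m`; header and separator lines are skipped."""
    segments = []
    for line in ipcs_text.splitlines():
        m = _IPCS_ROW.match(line.strip())
        if not m:
            continue
        seg = m.groupdict()
        for key in ("shmid", "bytes", "nattch"):
            seg[key] = int(seg[key])
        segments.append(seg)
    return segments


def suspicious_shm_segments(ipcs_text: str, web_user: str,
                            min_bytes: int = 4 * 1024 * 1024) -> list[dict]:
    """Segments owned by the web user that are world-writable or larger than
    the small scoreboard segments a normal Apache keeps (threshold assumed)."""
    findings = []
    for seg in parse_ipcs(ipcs_text):
        if seg["owner"] != web_user:
            continue
        other_mode = int(seg["perms"][-1], 8)      # last octal digit: 'other'
        world_writable = bool(other_mode & 0o2)
        if world_writable or seg["bytes"] >= min_bytes:
            findings.append(seg)
    return findings


def triage(httpd_bytes: bytes, baseline_hashes: set[str],
           ipcs_text: str, web_user: str) -> dict:
    """Combine both signals into one verdict."""
    httpd_ok = httpd_matches_baseline(httpd_bytes, baseline_hashes)
    shm = suspicious_shm_segments(ipcs_text, web_user)
    if not httpd_ok:
        verdict = "compromised"      # the one on-disk artifact is wrong
    elif shm:
        verdict = "suspicious"       # candidate memory-resident configuration
    else:
        verdict = "clean"
    return {"httpd_ok": httpd_ok, "shm_findings": shm, "verdict": verdict}


# ---- constructed sample data -----------------------------------------------
GOOD_HTTPD = b"\x7fELF constructed stand-in for the packaged httpd binary"
TROJANIZED_HTTPD = GOOD_HTTPD + b" plus appended backdoor code"
BASELINE = {sha256_hex(GOOD_HTTPD)}

SAMPLE_IPCS = """\
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 0          root       644        524288     2          dest
0x00000000 32769      apache     600        65536      9
0x00000000 65538      apache     666        6291456    1
"""

if __name__ == "__main__":
    print(triage(TROJANIZED_HTTPD, BASELINE, SAMPLE_IPCS, "apache"))
```

On a live server the inputs come from `sha256sum` of the running httpd binary (compared against the package manager's recorded checksum) and from `ipcs -m`; a large, world-writable segment owned by the web user that no Apache module accounts for is what deserves a memory dump and closer inspection.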

Communication between the Cdorked implant and its operators is encrypted, so a web administrator capturing packets cannot simply read the commands out of them. Cdorked also inspects the URL each visitor requests and checks it for substrings such as 'webmin', 'cpanel', 'host' and 'secur'. URLs containing these strings are likely to be visited by the web administrator rather than by an ordinary visitor, so the backdoor suppresses its redirect for them in order to stay unnoticed. The practical consequence for anyone testing a suspected server is that requesting an administrative-looking path will not trigger the redirect; the test has to use an ordinary visitor URL, preferably from a vantage point the attacker has no reason to exempt.
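The victim-selection filter just described, reproduced as an added example (this is not Cdorked's own code). The four substrings come from the article; the backdoor's real list was longer, so treat the set as illustrative. The second half turns the filter around for the defender: it selects probe URLs the backdoor would not exempt, then looks for the asymmetry of ordinary pages redirecting off-site while admin-looking paths answer normally. All URLs and responses below are constructed.

```python
"""Cdorked-style admin-URL exemption, and a differential probe built on it.

Added example, not the backdoor's code.  ADMIN_MARKERS is the partial list
from the article; the URLs and responses are CONSTRUCTED sample data.
"""
from __future__ import annotations

from urllib.parse import urlsplit

ADMIN_MARKERS = ("webmin", "cpanel", "host", "secur")


def request_target(url: str) -> str:
    """Path plus query string, lower-cased: the part of the request that is
    matched.  Scheme and host are excluded on purpose, so 'host' inside a
    hostname such as localhost does not count as an administrative marker."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target.lower()


def looks_administrative(url: str) -> bool:
    """The exemption test: any marker substring anywhere in the target."""
    target = request_target(url)
    return any(marker in target for marker in ADMIN_MARKERS)


def choose_probe_urls(candidates: list[str]) -> list[str]:
    """URLs worth requesting from an outside vantage point: the ones the
    backdoor would treat as a normal visitor and therefore redirect."""
    return [u for u in candidates if not looks_administrative(u)]


def is_external_redirect(status: int, location: str | None, own_host: str) -> bool:
    """3xx with a Location header pointing at a different host."""
    if not (300 <= status < 400) or not location:
        return False
    host = urlsplit(location).hostname
    return host is not None and host.lower() != own_host.lower()


def redirect_discrepancy(responses: dict[str, tuple[int, str | None]],
                         own_host: str) -> dict:
    """responses maps a requested URL to (status, Location header value).
    Reports visitor URLs sent off-site and whether admin-looking URLs were
    left alone; both together is the pattern the article describes."""
    redirected = [u for u, (status, loc) in responses.items()
                  if not looks_administrative(u)
                  and is_external_redirect(status, loc, own_host)]
    admin_untouched = all(not is_external_redirect(status, loc, own_host)
                          for u, (status, loc) in responses.items()
                          if looks_administrative(u))
    return {
        "redirected_visitor_urls": redirected,
        "admin_urls_untouched": admin_untouched,
        "matches_pattern": bool(redirected) and admin_untouched,
    }


# ---- constructed sample: responses observed from a suspected server --------
OWN_HOST = "www.example.com"
SAMPLE_RESPONSES = {
    "http://www.example.com/index.php": (302, "http://redirect.invalid/kit/"),
    "http://www.example.com/news/2013/04.html": (302, "http://redirect.invalid/kit/"),
    "http://www.example.com/old-page": (301, "http://www.example.com/new-page"),
    "http://www.example.com/cpanel/": (200, None),
    "http://www.example.com/webmin/index.cgi": (200, None),
}

if __name__ == "__main__":
    print(choose_probe_urls(list(SAMPLE_RESPONSES)))
    print(redirect_discrepancy(SAMPLE_RESPONSES, OWN_HOST))
```

The internal 301 in the sample is deliberately not counted: site-local redirects are normal, and only the off-site ones for plain visitor URLs, contrasted with clean answers for the admin-looking ones, make the pattern worth escalating.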

Malware that targets Linux or macOS can be just as sophisticated as its Windows counterparts, and this becomes a major issue because users of those systems tend not to run dedicated security products. Threats like Cdorked show why it is important to add protection beyond what Linux offers out of the box: a reputable third-party anti-malware suite, and routine integrity verification of installed packages (for example, checking the httpd binary against the package manager's recorded checksums) so that a replaced server executable is noticed.
