nagios backdoor
Kirill Bychkov
kirill.bychkov at gmail.com
Thu Jun 6 18:31:13 CEST 2013
Hello list,
I am client of Hetzner Online (http://hetzner.de)
They are sent me email this following text (part):
=
At the end of last week, Hetzner technicians discovered a "backdoor" in one
of our internal monitoring systems (Nagios).
The malicious code used in the "backdoor" exclusively infects the RAM.
First
analysis suggests that the malicious code directly infiltrates running
Apache
and sshd processes. Here, the infection neither modifies the binaries of
the
service which has been compromised, nor does it restart the service which
has
been affected.
=
I wrote it just for information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20130606/883a990a/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list