Hackers inject malware in servers around the globeAugust 3, 2012
Hackers are selling malware online which can be use to attack a vulnerability on popular webserver administrative tool Parallels Plesk Panel.
Brian Krebs, respected ex-Washington Post journalist and security blogger of krebsonsecurity.com, has stated that “Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel”.
The malware is spreading rapidly and is currently ranked 4 in the world for online threats. With a noticeable spike in detection 0n July 18, Parallels Plesk Panel Compromise was detected on servers in 153 countries in July. AVG reports that there are currently 6,331 websites in 34 countries which host the malware.
On ZDNet, Michael Lee raise the question whether this is the result of hacker capitalising on an earlier Exploit (repaired in February) or if this ” Zero Day” Exploit is a new development.
IMPACTED PLESK VERSIONS
Parallels Plesk Panel 9.5x and 10 include this vulnerability (no prior versions have that component). Parallels Small Business Panel 10.2 is also affected.
OVERVIEW OF THE VULNERABILITY AND EXPLOIT
A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.
ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521
DETAILS ON THE VULNERABILITY AND EXPLOIT
ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application’s stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem. The update also fixes a directory traversal vulnerability which can only be exploited if the “mod_site_misc” module is loaded. This flaw could allow attackers with write privileges to leave their permitted path and delete directories or create symbolic links outside of the path. The module is not loaded or compiled by default.
From Our Clients
Andrew and the team at Digital Tsunami are an absolute joy to work with, going above and beyond to design and host an amazing website for Cameragal Montessori School. Their work has led to an increase in enrolments and greater visibility within the community. They are always quick to make suggestions for improvement and implement changes - the embodiment of great customer service.
We are all very happy with the new website and believe it captures the essence of the Group One brand.
Andrew and colleagues were able to assist at every step of the website production process, providing a sleek layout with high quality images. We would like to thank the Digital Tsunami team for an excellent job.
Working with this team has been a delight and the resulting website far exceeds our expectations. All stages of the process were handled professionally, promptly and creatively. Discussions went smoothly, with flawless communication and suitable and sensible solutions whenever issues were raised. Time frames were either met or delivered early. The site was 100% accurate, indicating impressive attention to detail.
Without exception, the feedback on our site has been outstanding - clear and thoughtful layout, appropriate and interesting graphics and intuitive navigation.
Andrew and his team at Digital Tsunami were the developers behind our micro site for Fearless.
I like the way they work (efficient, effective) and delivered a great site, on time.
(We) took a fairly substantial audit of .. sophisticated sites both technically and creatively .. Out of six prominent designers, Digital Tsunami stood out.
The quality of the images, the sophisticated management of text .. together with smooth animations makes (our) website of very high calibre.
I would personally rate this site in the top 2 percent of world wide web sites today.