Hackers inject malware in servers around the globe

Hackers are selling malware online which can be use to attack a vulnerability on popular webserver administrative tool Parallels Plesk Panel.

Brian Krebs, respected ex-Washington Post journalist and security blogger of krebsonsecurity.com, has stated that “Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel”.

The malware is spreading rapidly and is currently ranked 4 in the world for online threats. With a noticeable spike in detection 0n July 18, Parallels Plesk Panel Compromise was detected on servers in 153 countries in July. AVG reports that there are currently 6,331 websites in 34 countries which host the malware.

On ZDNet, Michael Lee raise the question whether this is the result of hacker capitalising on an earlier Exploit (repaired in February) or if this ” Zero Day” Exploit is a new development.

If your website displays an alert or the malware is detected on your server, ask your IT support team to immediately replace the infected javascript files and install the Plesk vulnerabilty patch.

Parallels Plesk product information

IMPACTED PLESK VERSIONS

Parallels Plesk Panel 9.5x and 10 include this vulnerability (no prior versions have that component). Parallels Small Business Panel 10.2 is also affected.

OVERVIEW OF THE VULNERABILITY AND EXPLOIT

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.

ProFTPD bug report:  http://bugs.proftpd.org/show_bug.cgi?id=3521

DETAILS ON THE VULNERABILITY AND EXPLOIT

ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application’s stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem. The update also fixes a directory traversal vulnerability which can only be exploited if the “mod_site_misc” module is loaded. This flaw could allow attackers with write privileges to leave their permitted path and delete directories or create symbolic links outside of the path. The module is not loaded or compiled by default.

Sources:
http://www.parallels.com/au/products/plesk/ProFTPD/
http://www.avgthreatlabs.com/webthreats/info/parallels-plesk-panel-compromise/
http://www.zdnet.com/hackers-leverage-plesk-panel-to-attack-websites-7000000651/
http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/

From Our Clients

Quotation Mark

Working with this team has been a delight and the resulting website far exceeds our expectations. All stages of the process were handled professionally, promptly and creatively. Discussions went smoothly, with flawless communication and suitable and sensible solutions whenever issues were raised. Time frames were either met or delivered early. The site was 100% accurate, indicating impressive attention to detail.

Without exception, the feedback on our site has been outstanding - clear and thoughtful layout, appropriate and interesting graphics and intuitive navigation.

Robyn Rix
Director (Vice President)
Neutral Bay, NSW, Australia
Quotation Mark

I am very happy with my new website from Digital Tsunami.

Not only did they design it, they also created my logo, and gave me valuable advice and professional feedback.

Through Digital Tsunami, my website now looks professional, easy to navigate and (through my customised CMS), easy to update.

Thomas Rydell
Composer
Eskilstuna, Sweden
Quotation Mark

Our take-away menu advertised TamarindThai.com.au, even though the site didn’t exist.

Digital Tsunami offered great ideas and design to set up a professional website that matches our name, ideas and style of the restaurant.

Andrew is very knowledgeable IT professional and he never hesitated to see and consult us in the restaurant.

Amy & Gabriel Rey
Restaurateurs
Sydney, NSW, Australia
Tamarind Thai
Quotation Mark

When I need a comprehensive online strategy and innovative solutions to achieve results for an important client, Andrew is the only person I need to call.

Sean Aley
Director
North Sydney, NSW, Australia
Said Studio
Quotation Mark

We have been a client of Digital Tsunami now for a number of years.

As an ASX listed company, we seek reliability with our suppliers. Digital Tsunami have proven they are reliable and trustworthy.

We host multiple websites and services through them, and use them for technical and creative work.

There has never been an issue, they are always on top of all technical details, and simply provide the best possible solution around a given budget, and get things right first time. Clearly they have excellent quality controls and that shows in their services.

Adam Connell
Marketing Executive
Adelaide, SA, Australia
EzyStrut (ASX:KOV)
error: We appreciate that you value our content. You are welcome to link to this page, but content is copyright protected.