
Hackers inject malware in servers around the globe
August 3, 2012
Hackers are selling malware online which can be used to attack a vulnerability in the popular web server administration tool Parallels Plesk Panel.
Brian Krebs, respected ex-Washington Post journalist and security blogger of krebsonsecurity.com, has stated that “Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel”.
The malware is spreading rapidly and is currently ranked 4 in the world for online threats. With a noticeable spike in detection on July 18, Parallels Plesk Panel Compromise was detected on servers in 153 countries in July. AVG reports that there are currently 6,331 websites in 34 countries which host the malware.
On ZDNet, Michael Lee raises the question of whether this is the result of hackers capitalising on an earlier exploit (repaired in February) or whether this "zero day" exploit is a new development.
If your website displays an alert or the malware is detected on your server, ask your IT support team to immediately replace the infected JavaScript files and install the Plesk vulnerability patch.
Parallels Plesk product information
IMPACTED PLESK VERSIONS
Parallels Plesk Panel 9.5x and 10 include this vulnerability (no prior versions have that component). Parallels Small Business Panel 10.2 is also affected.
OVERVIEW OF THE VULNERABILITY AND EXPLOIT
A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.
ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521
DETAILS ON THE VULNERABILITY AND EXPLOIT
ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application’s stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem. The update also fixes a directory traversal vulnerability which can only be exploited if the “mod_site_misc” module is loaded. This flaw could allow attackers with write privileges to leave their permitted path and delete directories or create symbolic links outside of the path. The module is not loaded or compiled by default.
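To illustrate the class of bug described above, here is a bounded line reader that strips Telnet IAC sequences. It is an added example written for this page, not ProFTPD's code; the function name `telnet_gets_bounded` and the sample bytes are assumptions. Every write to the destination passes through a single capacity check, which is the property an overflow in this kind of parser lacks.

```c
#include <stddef.h>
#include <stdio.h>

#define IAC  255   /* Telnet "interpret as command" escape byte */
#define WILL 251   /* WILL, WONT, DO, DONT = 251..254, each takes an option byte */
#define DONT 254

/* Copy one line from src to dst with Telnet IAC sequences removed.
 * Returns bytes stored (excluding the NUL), or -1 if the line does not fit. */
long telnet_gets_bounded(char *dst, size_t cap,
                         const unsigned char *src, size_t srclen)
{
    size_t out = 0, i = 0;
    if (dst == NULL || cap == 0)
        return -1;
    while (i < srclen) {
        unsigned char c = src[i++];
        if (c == IAC) {
            if (i >= srclen)
                break;                 /* truncated sequence: drop it */
            unsigned char cmd = src[i++];
            if (cmd >= WILL && cmd <= DONT) {
                if (i < srclen)
                    i++;               /* skip the option byte */
                continue;
            }
            if (cmd != IAC)
                continue;              /* other two-byte command */
            /* IAC IAC: fall through and store one literal 0xFF */
        }
        /* The only write to dst: always keep one byte free for the NUL. */
        if (out + 1 >= cap) {
            dst[out] = '\0';
            return -1;
        }
        dst[out++] = (char)c;
        if (c == '\n')
            break;
    }
    dst[out] = '\0';
    return (long)out;
}
int main(void)
{
    /* Constructed input: "AB", IAC WILL option 1, "CD\n". */
    const unsigned char in[] = { 'A', 'B', 255, 251, 1, 'C', 'D', '\n' };
    char line[16];
    printf("%ld\n", telnet_gets_bounded(line, sizeof line, in, sizeof in));
}
```

Rejecting an overlong line with -1, rather than truncating it silently, lets the caller drop the connection or log the event.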
Sources:
http://www.parallels.com/au/products/plesk/ProFTPD/
http://www.avgthreatlabs.com/webthreats/info/parallels-plesk-panel-compromise/
http://www.zdnet.com/hackers-leverage-plesk-panel-to-attack-websites-7000000651/
http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/