Hackers inject malware in servers around the globe

Hackers are selling malware online which can be used to attack a vulnerability in the popular web server administration tool Parallels Plesk Panel.

Brian Krebs, respected ex-Washington Post journalist and security blogger of krebsonsecurity.com, has stated that “Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel”.

The malware is spreading rapidly and is currently ranked 4 in the world for online threats. With a noticeable spike in detection on July 18, Parallels Plesk Panel Compromise was detected on servers in 153 countries in July. AVG reports that there are currently 6,331 websites in 34 countries which host the malware.

On ZDNet, Michael Lee raises the question of whether this is the result of hackers capitalising on an earlier exploit (repaired in February) or whether this “Zero Day” exploit is a new development.

If your website displays an alert or the malware is detected on your server, ask your IT support team to immediately replace the infected JavaScript files and install the Plesk vulnerability patch.

Parallels Plesk product information

IMPACTED PLESK VERSIONS

Parallels Plesk Panel 9.5x and 10 include this vulnerability (no prior versions have that component). Parallels Small Business Panel 10.2 is also affected.

OVERVIEW OF THE VULNERABILITY AND EXPLOIT

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.

ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521

DETAILS ON THE VULNERABILITY AND EXPLOIT

ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application’s stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem. The update also fixes a directory traversal vulnerability which can only be exploited if the “mod_site_misc” module is loaded. This flaw could allow attackers with write privileges to leave their permitted path and delete directories or create symbolic links outside of the path. The module is not loaded or compiled by default.
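The following C sketch is an added example, not ProFTPD's source and not part of the original article. It shows a simplified TELNET-aware line reader in which every stored byte, including one produced by the IAC escape branch, passes a single bounds check. The function name telnet_safe_gets and the sample input are assumptions made for illustration, and subnegotiation (SB) sequences are not handled.

```c
#include <stdio.h>
#include <string.h>

#define TELNET_IAC  255   /* "interpret as command" escape byte */
#define TELNET_WILL 251   /* WILL, WONT, DO, DONT are 251..254 */
#define TELNET_DONT 254

/* Hypothetical helper (not ProFTPD's API): copy one command line from
 * in[0..inlen) into out[0..outcap), dropping TELNET option negotiation.
 * Returns the number of bytes stored, or -1 if the line does not fit. */
long telnet_safe_gets(const unsigned char *in, size_t inlen,
                      char *out, size_t outcap)
{
    size_t n = 0, i = 0;
    if (outcap == 0) return -1;
    while (i < inlen) {
        unsigned char c = in[i++];
        if (c == TELNET_IAC) {
            if (i >= inlen) break;            /* truncated escape: drop it */
            unsigned char cmd = in[i++];
            if (cmd >= TELNET_WILL && cmd <= TELNET_DONT) {
                if (i < inlen) i++;           /* skip the option byte */
                continue;
            }
            if (cmd != TELNET_IAC) continue;  /* other two-byte command */
            c = TELNET_IAC;                   /* IAC IAC is a literal 0xFF */
        } else if (c == '\r') {
            continue;
        } else if (c == '\n') {
            break;
        }
        /* Single choke point: every stored byte, including one produced
         * by the IAC branch, is checked against the remaining space. */
        if (n + 1 >= outcap) { out[0] = '\0'; return -1; }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* Constructed input: "A", IAC DO <option 1>, "B", CRLF */
    const unsigned char line[] = { 'A', 255, 253, 1, 'B', '\r', '\n' };
    char out[16];
    long n = telnet_safe_gets(line, sizeof line, out, sizeof out);
    printf("%ld bytes: %s\n", n, out);
    return 0;
}
```

An over-long line is rejected rather than truncated, so a caller can close the control connection instead of acting on a partial command.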

Sources:
http://www.parallels.com/au/products/plesk/ProFTPD/
http://www.avgthreatlabs.com/webthreats/info/parallels-plesk-panel-compromise/
http://www.zdnet.com/hackers-leverage-plesk-panel-to-attack-websites-7000000651/
http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/
