Hackers inject malware in servers around the globe

Hackers are selling malware online which can be use to attack a vulnerability on popular webserver administrative tool Parallels Plesk Panel.

Brian Krebs, respected ex-Washington Post journalist and security blogger of krebsonsecurity.com, has stated that “Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel”.

The malware is spreading rapidly and is currently ranked 4 in the world for online threats. With a noticeable spike in detection 0n July 18, Parallels Plesk Panel Compromise was detected on servers in 153 countries in July. AVG reports that there are currently 6,331 websites in 34 countries which host the malware.

On ZDNet, Michael Lee raise the question whether this is the result of hacker capitalising on an earlier Exploit (repaired in February) or if this ” Zero Day” Exploit is a new development.

If your website displays an alert or the malware is detected on your server, ask your IT support team to immediately replace the infected javascript files and install the Plesk vulnerabilty patch.

Parallels Plesk product information

IMPACTED PLESK VERSIONS

Parallels Plesk Panel 9.5x and 10 include this vulnerability (no prior versions have that component). Parallels Small Business Panel 10.2 is also affected.

OVERVIEW OF THE VULNERABILITY AND EXPLOIT

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.

ProFTPD bug report:  http://bugs.proftpd.org/show_bug.cgi?id=3521

DETAILS ON THE VULNERABILITY AND EXPLOIT

ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application’s stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem. The update also fixes a directory traversal vulnerability which can only be exploited if the “mod_site_misc” module is loaded. This flaw could allow attackers with write privileges to leave their permitted path and delete directories or create symbolic links outside of the path. The module is not loaded or compiled by default.

Sources:
http://www.parallels.com/au/products/plesk/ProFTPD/
http://www.avgthreatlabs.com/webthreats/info/parallels-plesk-panel-compromise/
http://www.zdnet.com/hackers-leverage-plesk-panel-to-attack-websites-7000000651/
http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/

From Our Clients

Quotation Mark

.. a reliable and steadfast operator, with a keen sense of service. Innovative and contemporary, and operating within the upper echelon.

Matthew Gormly
Director
Mönsterås, Sweden
Quotation Mark

.. very knowledgeable, creative and patient while also pushing me to work through the many decisions such a project involves.

Corinna Sager
President
Montclair, New York, USA
Lifestyle International
Quotation Mark

The launch .. was a success. We were able to present this live on a Wireless connection during our Sydney, Australia sales conference on a location with very limited internet bandwidth. This proves the technology used .. renders light webpages which are easy to download on a browser.

Comments I've heard from our employees were all positive and reflected precisely what we were looking for: a simple but concise, clean and effective webpage.

We acknowledge the timeframe given to you was extremely short but nevertheless you have sucessfully delivered the project on schedule .. the critical success factor was communication and availability of Digital Tsunami's team.

I am very glad we were able to partner with such a professional team as yours and I am confident any other initiatives with you will be as successful.

Claudio Falcão Gomes
IT Manager
Sydney, NSW, Australia
Solvay Pharmaceuticals
Quotation Mark

We were very happy with the development process and the outcome. The objectives have all been achieved, in terms of usability and ease of use in updating the site. You definitely nailed both of these.

Rupert Blatch
National Sales & Marketing Manager
Port Kembla, NSW, Australia
Quotation Mark

For providing a reliable, fast, and well maintained hosting service for business websites, I recommend Andrew and his company Digital Tsunami. The technical support given has been above and beyond, their hosting the fastest I have experienced, and is very well maintained with no issues.

Andrew certainly bends over backwards for his new and current clients, and I can tell he genuinely cares about providing nothing short of an outstanding service.

Adam Connell
Marketing Executive
Adelaide, SA, Australia
Korvest (ASX:KOV)
error: We appreciate that you value our content. You are welcome to link to this page, but content is copyright protected.