PHP Modules Are Hiding in the Server! A Developer Creates a Proof-of-Concept Exploit

Redport Information Assurance
A recent article from BleepingComputer, an online cybersecurity blog, reports that Luke Paris, a Dutch web developer skilled in C and C++ software development, created a proof-of-concept exploit in which rootkit malware can hide itself inside a PHP server module file. Once the rootkit has hidden itself inside the file, it is capable of taking over web servers by way of the Apache modules it hides in. The proof-of-concept exploit has been developed and published on the open-source website GitHub.

It is frightening that such a proof-of-concept exploit exists, because many malicious hackers have dreamed of a way to sit inside a server undetected. Unfortunately, the Dutch developer Luke Paris has made this happen. The rootkit is considered most dangerous because of its attack vector. It is also dangerous because most incident responders would not think to look for malicious code inside PHP server modules, which are not considered a common place to hide malware. Most would not investigate PHP server modules because many of today's rootkits work only near the OS kernel, which requires a great deal of effort from the hacker to avoid crashing the victim's computer systems while hiding the rootkit malware inside the server modules.

Sue Gonzalez, the director for Cyber Programs at Redport Information Assurance, LLC, considers this type of rootkit exploit most threatening because of the malware's ability to go undetected and its untraditional means of causing infection.
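Because the article notes that responders rarely inspect PHP server modules, the following added example (not part of the original article or of the proof of concept it describes) shows one way to audit them. It assumes a Linux host where modules are `.so` files and a known-good `{file: sha256}` baseline taken from a trusted package or build; the function names and sample data are hypothetical and constructed for illustration.

```python
import hashlib, os, re, tempfile

# Matches php.ini lines such as "extension=curl", "extension=curl.so" or
# zend_extension="/usr/lib/php/opcache.so"; lines starting with ';' are comments.
DIRECTIVE = re.compile(r'^[ \t]*(?:zend_)?extension[ \t]*=[ \t]*"?([^";\s]+)"?', re.M)

def loaded_modules(ini_text):
    """Return the module file names a php.ini fragment asks PHP to load."""
    names = set()
    for value in DIRECTIVE.findall(ini_text):
        base = os.path.basename(value)
        names.add(base if base.endswith(".so") else base + ".so")
    return names

def audit(ext_dir, ini_text, baseline):
    """Compare modules on disk and in config with a known-good baseline."""
    findings, on_disk = [], {}
    for name in sorted(os.listdir(ext_dir)):
        if name.endswith(".so"):
            with open(os.path.join(ext_dir, name), "rb") as fh:
                on_disk[name] = hashlib.sha256(fh.read()).hexdigest()
    for name, digest in on_disk.items():
        if name not in baseline:
            findings.append(("unknown-file", name))      # module nobody approved
        elif baseline[name] != digest:
            findings.append(("hash-mismatch", name))     # approved name, altered bytes
    for name in sorted(loaded_modules(ini_text)):
        if name not in baseline:
            findings.append(("unapproved-load", name))   # config loads an unlisted module
    return findings

def demo():
    """Constructed sample: two approved modules, one altered, one extra."""
    good = [("curl.so", b"curl-v1"), ("json.so", b"json-v1")]
    baseline = {n: hashlib.sha256(b).hexdigest() for n, b in good}
    with tempfile.TemporaryDirectory() as d:
        files = dict(good, **{"json.so": b"json-v1-modified", "helper.so": b"unknown"})
        for name, body in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        ini = "; constructed php.ini\nextension=curl\nextension=json.so\n;extension=old\nextension=helper\n"
        return audit(d, ini, baseline)

if __name__ == "__main__":
    for kind, name in demo():
        print(kind, name)
```

On a real host, point `audit` at the directory reported by PHP's `extension_dir` setting and feed it the contents of every loaded `.ini` file.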

Reference: https://www.bleepingcomputer.com/news/security/developer-creates-rootkit-that-hides-in-php-server-modules/

By Dr. Randall Sylvertooth



Gaithersburg, MD, USA