Lounge Network New Zealand
Lounge Network News and Network Status

Proactive Malware Detection Software Installed on Premium cPanel Plans
Posted on 16/12/11 12:48PM

We have introduced a new malware detection system, Maldetect, on all of our Premium cPanel servers. It is an anti-malware project that has proved to be an effective solution against the use of viruses/malware on servers. We have initiated full scans on the servers and have detected some malware files on current user accounts. We have also integrated Maldetect with Apache (web) and FTP uploads: when a file is uploaded to the servers via FTP or Apache (web), Maldetect scans it and blocks the upload if the file matches a virus/malware signature.

Why do we need Maldetect?

Our servers host many different types of software installed by our users, such as WordPress, Joomla, other CMSs and even custom-made scripts. Any of this software may become vulnerable over time, and clients need to update it in a timely manner in order to prevent vulnerabilities. However, many users fail to do so, and the outdated software becomes a threat to server security. Hackers can then use a vulnerability in the software to execute or upload viruses/malware. This is where Maldetect steps in! Even if a hacker tries to upload a virus file through an affected site, Maldetect will usually prevent it.

Example Situation:

FTP case: A client's computer may be infected with a virus, and the usernames/passwords saved in the FTP client software on that computer may be leaked. When a hacker gets this information, he will try to upload viruses/malware to the server for execution. Here too Maldetect comes in handy, preventing the hacker from uploading viruses/malware to the server.

In addition to scanning files on upload, we also have an automated scanner that goes through all web-accessible files on the server that have been modified in the past 2 days.

What is Maldetect in technical terms?

Linux Malware Detect (LMD) is a malware scanner for Linux that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

Example Output:
Detected Threats:
LMD has a total of 7,241 (5393 MD5 / 1848 HEX) signatures. Below is a listing of the top 60 threats by prevalence detected by LMD:

base64.inject.unclassed perl.ircbot.xscan
bin.dccserv.irsexxy perl.mailer.yellsoft
bin.fakeproc.Xnuxer perl.shell.cbLorD
bin.ircbot.nbot perl.shell.cgitelnet
bin.ircbot.php3 php.cmdshell.c100
bin.ircbot.unclassed php.cmdshell.c99
bin.pktflood.ABC123 php.cmdshell.cih
bin.pktflood.osf php.cmdshell.egyspider
bin.trojan.linuxsmalli php.cmdshell.fx29
c.ircbot.tsunami php.cmdshell.ItsmYarD
exp.linux.rstb php.cmdshell.Ketemu
exp.linux.unclassed php.cmdshell.N3tshell
exp.setuid0.unclassed php.cmdshell.r57
gzbase64.inject php.cmdshell.unclassed
html.phishing.auc61 php.defash.buno
html.phishing.hsbc php.exe.globals
perl.connback.DataCha0s php.include.remote
perl.connback.N2 php.ircbot.InsideTeam
perl.cpanel.cpwrap php.ircbot.lolwut
perl.ircbot.atrixteam php.ircbot.sniper
perl.ircbot.bRuNo php.ircbot.vj_denie
perl.ircbot.Clx php.mailer.10hack
perl.ircbot.devil php.mailer.bombam
perl.ircbot.fx29 php.mailer.PostMan
perl.ircbot.magnum php.phishing.AliKay
perl.ircbot.oldwolf php.phishing.mrbrain
perl.ircbot.putr4XtReme php.phishing.ReZulT
perl.ircbot.rafflesia php.pktflood.oey
perl.ircbot.UberCracker php.shell.rc99
perl.ircbot.xdh php.shell.shellcomm
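
The two checks described above, matching files against MD5 and HEX signatures and re-scanning only files modified in the past 2 days, are shown here in Python. This is an added example, not Lounge Network's or LMD's own code: the signature names and contents are constructed, the 1 MiB size limit is an assumption, and a HEX signature is modelled simply as a byte pattern found anywhere in a file.

```python
import hashlib
import os
import stat
import time

# Constructed signatures for illustration; not taken from LMD's signature set.
SAMPLE_MD5_BODY = b"constructed sample payload\n"
MD5_SIGS = {hashlib.md5(SAMPLE_MD5_BODY).hexdigest(): "example.md5.sample"}
HEX_SIGS = {b"EXAMPLE-MARKER-0001".hex(): "example.hex.marker"}

MAX_AGE_DAYS = 2          # the page's window: files modified in the past 2 days
MAX_SIZE = 1024 * 1024    # assumption: skip files larger than 1 MiB


def match_signatures(data):
    """Return the names of all signatures that match the given bytes."""
    hits = []
    name = MD5_SIGS.get(hashlib.md5(data).hexdigest())
    if name:
        hits.append(name)            # MD5: whole-file, exact match only
    for hex_pattern, sig_name in HEX_SIGS.items():
        if bytes.fromhex(hex_pattern) in data:
            hits.append(sig_name)    # HEX: byte pattern anywhere in the file
    return hits


def scan_recent(root, now=None):
    """Scan regular files under root modified within MAX_AGE_DAYS."""
    now = time.time() if now is None else now
    cutoff = now - MAX_AGE_DAYS * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):   # skip symlinks, devices
                    continue
                if st.st_mtime < cutoff or st.st_size > MAX_SIZE:
                    continue
                with open(path, "rb") as fh:
                    hits = match_signatures(fh.read())
            except OSError:
                continue                           # unreadable or vanished file
            if hits:
                findings[path] = hits
    return findings
```

The MD5 check stops matching as soon as a single byte of the file changes, which is why the byte-pattern signatures exist alongside it. The 2-day filter relies on a modification time that the file's owner can set, so it complements the full scans rather than replacing them.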
