Cdorked is a backdoor Trojan that targets Linux systems only. Cybersecurity analysts first discovered it about seven years ago. The threat appears to have been most active in 2013, when it was spotted on several hundred Web servers. The compromised Web servers redirected users to corrupted pages that were meant to distribute various malware types.
The main advantage of the Cdorked Trojan is that it operates very silently. Its creators have made sure that the threat operates almost filelessly, meaning that the majority of its files and settings are stored in the system’s memory. However, malware researchers have identified one file that is certainly affiliated with the Cdorked campaign: ‘httpd,’ an altered variant of the executable file of an Apache Web server. Once the Cdorked Trojan has compromised a system, its settings can be altered via specially built HTTP requests. These requests are designed so that the Apache Web server does not log them, which gives the Cdorked Trojan extra stealth. As a result, the Cdorked backdoor Trojan can cause a lot of damage before the victim ever notices that anything is wrong.
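Because the altered ‘httpd’ executable is the one on-disk artifact described above, a defender can compare the installed file against the digest recorded by the package manager. The following is an added example, not code from the original article: it triages `rpm -V` output and reports non-config files whose digest no longer matches the package. It assumes an RPM-based host where the Apache package is named `httpd`; the sample output is constructed, and a clean result is only as trustworthy as the RPM database itself.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output for the Apache package.
# Each result line is: a 9-character result string, an optional
# file-type marker ("c" = config file), then the path. Position 3
# of the result string is "5" when the file's digest differs from
# the digest recorded in the RPM database.

flag_modified_binaries() {
    # Reads `rpm -V` output on stdin and prints the paths of
    # non-config files whose digest no longer matches the package.
    awk '
        length($1) != 9 { next }   # skips "missing" and other non-result lines
        {
            if (NF >= 3) { type = $2; path = $3 } else { type = ""; path = $2 }
            # Edited config files are routine; a changed binary is not.
            if (type != "c" && substr($1, 3, 1) == "5") print path
        }
    '
}

# Constructed sample of `rpm -V httpd` output (not from a real host).
SAMPLE_RPM_V='S.5....T.  c /etc/httpd/conf/httpd.conf
S.5....T.    /usr/sbin/httpd
.......T.    /usr/lib64/httpd/modules/mod_rewrite.so
missing     /usr/share/httpd/icons/README'

run_sample() {
    printf '%s\n' "$SAMPLE_RPM_V" | flag_modified_binaries
}

# On a live RPM-based server (assumed package name "httpd"):
#   rpm -V httpd | flag_modified_binaries
run_sample
```

Since most of the threat's state lives in memory, this check covers only the replaced executable on disk.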
The Cdorked Trojan connects to the attackers’ C&C (Command & Control) server and receives commands from it. All the communication between the two is securely encrypted, which makes it more difficult for the administrators of the compromised servers to identify the threat. The Cdorked backdoor Trojan is also capable of monitoring the address bar of the user, seeking out particular strings like ‘cpanel,’ ‘host,’ ‘webmin,’ ‘secur,’ etc. The presence of any of these strings would signify that the user is entering a page that they administer. If any are detected, the user will not be redirected to an unsafe website, as that would cause suspicion.
Threats designed to go after Linux systems were not very common in the past, but with each passing year there is more and more malware designed to target Linux. Do not neglect the safety of your system, and make sure to obtain a genuine anti-malware solution that will keep you secure.