Cathal Mullaney's blog

Thanks to Eric Chien for his assistance with this research.

Introduction

Backdoor.Bifrose first came to our attention in 2004. It is a remote administration backdoor tool that allows unauthorized access to a compromised computer.

June 8th marks World IPv6 Day when a number of major organizations offer internet services using the replacement Internet Protocol version 6 standard.

We recently analyzed the source code of a malicious Apache Web server module that was using Apache filter functionality to infect HTML pages. This is a more active, complex, and unusual attack than simply infecting static Web pages on a Web server. The attack was unusual in that the Web server itself was the infection target.