Saturday, April 20, 2013

Former Hostgator employee has installed Backdoor to 2,700 Servers

Ex-HostGator Employee arrested, charged with Installing Backdoor to 2,700 Servers

A former employee of a hosting provider Hostgator convicted of espionage. He put backdoors on 2,700 servers in a data center Hostgator - and get unlimited access to information customers.

Now the case is 29-year-old resident of San Antonio named Eric Gunnar Gisse is seen in the District Court of Harris County (Texas). In court papers, said that he worked for the company for positions Hostgator administrator "medium level" from September 2011 to February 15, 2012.

The analysis showed that using the backdoor and SSH-keys Hostgator attacker could remotely access the web server Apache. Logs showed cases of authorization even with the computer Hetzner Data Center, which is located in the city of Nuremberg (Germany).

Erik Gunnar Eide tried to create the impression that the program of espionage - a standard means of administration Unix, and continued to malicious activity. The process was called pcre and disguised as a standard file system. Altogether backdoor was set in the network server 2,723 of Hostgator, on each of the servers can be located hundreds of sites. In addition to the installation process, pcre, Eide has modified the standard utilities ps and netstat, to hide some activity.

Malware was found the next day after the dismissal Eide. Hostgator Company has determined that the attacker does not have time to do any harm, and the backdoor is on the server is not more than a month.

No comments:

Post a Comment