There’s nothing more likely to give visitors a bad impression of your website than finding their PC has been infected with malware picked up from your domain, so if you want to improve your reputation, you need to make sure you’re virus-free. If people are getting messages warning them of dangers when they navigate to your homepage, you can be certain they won’t be back. Even if you scrub your system clean quickly, you might lose potential customers, so this is clearly an area you need to keep on top of.
This could be something you need to look at right now if you’re running a Linux-based web server, as security researchers have identified a particularly sophisticated variant of malware that infects a server and hits visitors with drive-by downloads. Drive-by downloads expose website visitors to malicious code that attempts to exploit unpatched software vulnerabilities on their computers. Typical targets include vulnerabilities in web browsers, Java and Flash plugins, and the underlying operating system. The newly found threat targets servers running 64-bit versions of Linux, with security experts at Kaspersky observing that it appears to have been specifically designed for kernel version 2.6.32-5-amd64, which is used in distributions such as 64-bit Debian Squeeze. Even though it’s currently thought to be only at the prototype stage, it’s been described as a particularly nasty variant that you’ll want to get rid of immediately if you’re infected.
The Register reports that the malware doesn’t just target one domain or web app platform, but any site hosted by a compromised HTTP server. The rootkit also buries itself deep within the Linux kernel, making it especially hard to detect. Kaspersky warned that although it’s still in the development stage, the malware shows a “new approach” to drive-by download scenarios, and it’s likely there will be many more like it showing up in the future. This latest potential threat highlights just how constantly hackers are evolving their strategies to exploit weaknesses. If you don’t react and put the latest protections in place, you could find your web servers compromised, which could be a hugely costly issue.