
Linux/CDorked

Forrest Stroud
Last Updated May 24, 2021 8:03 am

Linux/CDorked is a highly advanced and stealthy form of backdoor malware that targets Web servers such as Apache, nginx and lighttpd. It is one of the first strains of malware to reside entirely in memory, leaving little to no trace of itself on an infected server’s hard drives.

According to an ESET security researcher in an article from Datamation, Linux/CDorked “makes it hard for system administrators to even know it’s there and very difficult for them to check system logs to find out how to fix it. Plus, if they reboot the server or aren’t extremely careful, all the evidence disappears without a trace.”

Once Linux/CDorked infects a server, the malware is able to redirect website visitors to compromised sites without their knowledge. Security researchers claim Linux/CDorked.A, the first reported form of the malware, is the most sophisticated Apache backdoor discovered to date.