EasyApache 3.26.2 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.26.2 with Apache version 2.4.10. This release addresses Apache vulnerabilities CVE-2014-0117, CVE-2014-0226, CVE-2014-0118, and CVE-2014-0231 by fixing bugs in the mod_proxy, mod_deflate, and mod_cgid modules. We encourage all Apache 2.4 users to upgrade to Apache version 2.4.10.

AFFECTED VERSIONS
All versions of Apache 2.4 before 2.4.10.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-0117 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_proxy module related to CVE-2014-0117.

CVE-2014-0226 – MEDIUM

Apache 2.4.10
Fixed a race condition related to CVE-2014-0226.

CVE-2014-0118 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_deflate module related to CVE-2014-0118.

CVE-2014-0231 – MEDIUM

Apache 2.4.10
Fixed bug in the mod_cgid module related to CVE-2014-0231.

SOLUTION
cPanel, Inc. has released EasyApache 3.26.2 with an updated version of Apache 2.4 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of Apache.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
https://www.apache.org/dist/httpd/CHANGES_2.4

Google Aims To Make The Internet Safer With Its New Security Team, Project Zero

(The Hosting News) – Google has created a new team of security researchers with the goal of making the Internet safer by reducing the number of people harmed during zero-day attacks.

The new security team, Project Zero, is a team of highly skilled, full-time researchers that works toward locating and reporting large numbers of security threats.

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” says Google “Researcher Herder” Chris Evans via blog post. “We think more can be done to tackle this problem.”

Evans notes that Project Zero isn’t restricted to finding vulnerabilities in only Google products. The team will work to discover bugs in other software that is widely used, paying attention to “techniques, targets and motivations of attackers.”

The information found will be stored in an external database where the vendors of the compromised software will be notified. Once a patch is made available, the team will release the information to the public, allowing users to discuss the vulnerability and see how long it took the vendor to patch the bug.

Google is currently looking for researchers for Project Zero, though they did not offer information on how to apply.

EasyApache 3.26 Released

We are happy to announce the release of EasyApache 3.26 for cPanel & WHM. EasyApache 3.26 features a redesigned profile page that is easier to use and more informative.

EasyApache’s redesigned profile page includes cPanel & WHM’s new Optimal Profiles. The new Optimal Profiles include the recommended versions of PHP and Apache, and the modules that ensure that your EasyApache build is more secure and reliable. The new Optimal Profiles are tailored to your operating system and include profiles that we designed for the CloudLinux operating system. “Our Optimal Profiles help ensure a higher level of safety for our customers,” said the cPanel EasyApache Team.

For the most secure environment, we recommend that you use EasyApache’s new MPM ITK Optimal Profile for CloudLinux. This profile utilizes EasyApache 3.26’s new Apache MPM ITK option. The Apache MPM ITK option is available for CentOS, but does not include the additional security that the CloudLinux operating system provides. For more information on CloudLinux, visit http://cloudlinux.com.
______________________________

EasyApache 3.24.22 Released

SUMMARY
cPanel, Inc. has released EasyApache 3.24.22 with PHP 5.4.30 and 5.5.14. This release addresses multiple PHP vulnerabilities in the PHP core code and the Fileinfo, Network, and SPL modules. We encourage all PHP users to upgrade to PHP 5.4.30 and PHP 5.5.14.

AFFECTED VERSIONS
All versions of PHP 5.4 before 5.4.30.
All versions of PHP 5.5 before 5.5.14.

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2014-3981 – LOW

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the PHP core code related to CVE-2014-3981.

CVE-2014-0207 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-0207.

CVE-2014-3478 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3478.

CVE-2014-3479 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3479.

CVE-2014-3480 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3480.

CVE-2014-3487 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Fileinfo module related to CVE-2014-3487.

CVE-2014-4049 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the Network module related to CVE-2014-4049.

CVE-2014-3515 – MEDIUM

PHP 5.4.30 and PHP 5.5.14
Fixed bug in the SPL module related to CVE-2014-3515.

SOLUTION
cPanel, Inc. has released EasyApache 3.24.22 with an updated version of PHP 5.4 and PHP 5.5 to correct these issues. Unless you have disabled EasyApache updates, EasyApache updates automatically. Run EasyApache to rebuild your profile with the latest version of PHP.

REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3981
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0207
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3478
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3480
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3487
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4049
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3515
http://www.php.net/ChangeLog-5.php#5.4.30
http://www.php.net/ChangeLog-5.php#5.5.14

3 Ways to Enable and Disable Linux Services

Linux services or daemons are programs that typically start when the system boots and remain running in the background until the system shuts down. What follows are three distinct ways to manage services on RHEL and CentOS servers.

1. chkconfig – You can use this simple command to show current services, enable them, disable them, start and stop them. You can also set run levels for services to make sure they start when and how you want.

2. Setup – Red Hat based distributions have an ncurses tool that you can navigate with your keyboard for a variety of configuration settings. Among those are services. To run setup, simply type “setup” as root and navigate to “System services”.

3. Hosting Automation – If you do not want to manage services through the console or SSH, you can rely on some form of hosting automation, such as cPanel WHM or Webmin. These tools provide full functionality for services management.

For security and performance it is better to disable services you do not use. You can use any of the above three methods to accomplish that. You can also uninstall services if you are sure you will not need them in the near future.
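
To find out which services are candidates for disabling, the output of chkconfig --list can be compared against a list of services the server is meant to run. The script below is an added example, not part of the original article; the allowlist, the sample listing and the function names are constructed for illustration, and it assumes the English on/off output of chkconfig on RHEL/CentOS.

```shell
#!/bin/sh
# Added example: audit `chkconfig --list` output against an allowlist.
# The allowlist and the sample listing below are constructed for illustration.

# unexpected_services RUNLEVEL "allowed names" < `chkconfig --list` output
# Prints every SysV service that is "on" at RUNLEVEL and not allowlisted.
unexpected_services() {
    awk -v lvl="$1" -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # SysV rows have 8 fields: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    # The "xinetd based services:" section has a different shape and is skipped.
    NF == 8 && $2 ~ /^0:(on|off)$/ {
        for (i = 2; i <= NF; i++)
            if ($i == (lvl ":on") && !($1 in ok)) print $1
    }'
}

# disable_plan < service names, one per line
# Prints the commands to review; it does not run them.
disable_plan() {
    while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        printf 'service %s stop\nchkconfig %s off\n' "$svc" "$svc"
    done
}

# Constructed sample in the format printed by `chkconfig --list`.
SAMPLE_LISTING='auditd          0:off 1:off 2:on  3:on  4:on  5:on  6:off
crond           0:off 1:off 2:on  3:on  4:on  5:on  6:off
cups            0:off 1:off 2:on  3:on  4:on  5:on  6:off
httpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs             0:off 1:off 2:off 3:on  4:on  5:on  6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off

xinetd based services:
        chargen-dgram:  off'

# Services this (hypothetical) server is supposed to run.
ALLOWED='auditd crond network rsyslog sshd'

# On a live host: LANG=C chkconfig --list | unexpected_services 3 "$ALLOWED"
printf '%s\n' "$SAMPLE_LISTING" | unexpected_services 3 "$ALLOWED" | disable_plan
```
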

Parallels Plesk 12 Makes Web Servers More Valuable

(The Hosting News) – Parallels, the platform provider for cloud service delivery, today launched Parallels Plesk 12, featuring a powerful new security core, a full-featured WordPress Toolkit and four distinct editions of the software designed to deliver targeted functionality to web administrators, application developers, web professionals and hosting service providers.

Each new edition of Plesk 12 simplifies core web management tasks that better align with the way infrastructure is being used for hosting websites and web applications today. A new security core based on ModSecurity rules by Atomicorp provides server-to-site security and the new WordPress Toolkit will help hosters capture the growth in WordPress hosting.

“The hosted and cloud infrastructure industry is in a period of dynamic change, creating new opportunities for our partners,” said Birger Steen, chief executive officer, Parallels. “Plesk 12 gives service providers an easy way to turn commodity infrastructure into compelling solutions that solve real customer problems.”

Four new editions:

•Parallels Plesk Web Admin Edition – Optimized for hosting self-managed sites, this edition enables web administrators to easily manage their own server, websites, domains, email and more.

•Parallels Plesk Web App Edition – Optimized for hosting web applications, this edition enables web application developers to control application access rights with custom view management, manage servers and domains from any mobile device and deliver complete server-to-site security for protection from common scripted attacks against software.

•Parallels Plesk Web Pro Edition – Optimized for web professionals and digital agencies managing and hosting WordPress sites, this edition offers mass-management and security tools for WordPress hosting, server, account and WordPress management from any mobile device, and complete server-to-site security for protection from automated attacks against WordPress.
•Parallels Plesk Web Host Edition – Optimized for service providers who are hosting and reselling unmanaged shared accounts, this edition offers support for multi-tenant, high-density shared hosting, with upgraded reseller, subscription and account management tools, integrated supportability and security tools for WordPress hosting and complete server-to-site security for protection from malicious use.

Key functionality enhancements:

Capture WordPress Hosting Growth with Integrated Tools. The WordPress Toolkit simplifies daily tasks required to manage and secure WordPress sites. With Plesk 12 and the WordPress Toolkit, you will enable customers to:
•Manage multiple WordPress installations, plugins, and themes from a single point of entry
•Easily install, update, and remove WordPress, plus activate and remove plugins and themes
•Securely install WordPress and harden existing WordPress installations, applying the most common recommended security settings with rollback support

Reduce Support Calls with Secure Infrastructure. The new Security Core in Plesk 12 combines ModSecurity, Fail2Ban and Outbound Antispam tools allowing you to deliver server-to-site security out of the box. With the Plesk 12 Security Core on your servers you get:
•Secure servers that protect against persistent attacks targeting known or newly discovered vulnerabilities
•Increased uptime as malicious attacks against your servers are automatically blocked in real time
•Cleaner IP addresses with outgoing spam protection preventing your servers from being blacklisted

With Plesk 12, Parallels global partners such as 1&1 Internet Inc., Conetix, GMO Cloud KK, HostMySite, LeaseWeb, PacHosting, RIDE and STRATO see Plesk 12 delivering a tightly integrated set of mass-management and security tools to help them profit from the growing demand for WordPress hosting.

1&1

“With Parallels, 1&1 has a partner who shares our vision for optimizing performance for key server user groups,” said Hans Nijholt, head of server product management, 1&1 Internet, Inc. “For our customers to realize the full potential of 1&1’s work and investments – such as best-in-class server hardware, CPUs and network infrastructure – a world-class control panel is needed, and Plesk 12 delivers just that. Plesk 12 is the perfect complement to our server line-up and from today we are proud to provide it free with all types of 1&1 servers in all our markets.”

Conetix

“After 10 years of deploying Parallels Plesk, I believe Plesk 12 delivers the ultimate all-round solution for web designers, developers and digital agencies,” said Jamin Andrews, chief executive officer, Conetix. “Our clients are after a solution that is flexible, easy to manage and ahead of the game – Plesk 12 with the new WordPress Toolkit and built-in Security Core offers all this.”

GMO Cloud KK

“With the introduction of four new editions tailored to customer usage patterns, Plesk 12 enables us to offer services which are more valuable and easier to understand for the customers than ever,” said Minoru Karasawa, group chief technology officer and director, GMO Cloud K.K. “At GMO Cloud, we believe that Plesk 12 would allow us to take a strong step forward in actively approaching a new market including web professionals as well as providing secure and useful hosting services.”

HostMySite

“Plesk 12 makes it easier than ever to manage and secure WordPress hosted sites,” said John Enright, president, HostMySite. “It provides our customers with an interface that is optimized for how they use and deploy web applications and it enables us to go beyond basic infrastructure services and allows us to provide complete hosted application solutions.”

LeaseWeb

“As a long-time Parallels partner with over 60,000 physical servers under management, we put Plesk 12 to the test from an early stage and we really fell in love with the innovations added to the latest version,” said Marc Burkels, manager, dedicated hosting, LeaseWeb. “With the new Plesk 12 editions, we are now able to expand our channel by delivering complete solutions to target audiences. The significantly improved security, enhanced functionality and focus on user-friendliness convinced us to make the new version available to all of our bare metal server customers on day one of launch. And within a few weeks, Plesk 12 will be added to our public, private and hybrid cloud offerings as well.”

PacHosting

“We have partnered with Parallels for over 10 years and we are very impressed by the new features in Plesk 12,” said Natalie Kong, business analyst, PacHosting. “The best part of Plesk 12 is the new security core with built-in Fail2Ban, ModSecurity and integrated firewall. This will bring a new level of enhanced security for our clients. In addition, the deep integration with WordPress, which meets the growing demand, will now become one of our strong selling points over our competitors.”

RIDE

“Plesk 12 enables us to provide a complete solution to meet our customers’ needs,” said Hiroya Nakano, chief executive officer, RIDE Co. Limited. “With the help of Plesk 12, we can differentiate our services with features such as the WordPress ToolKit and enhanced server-to-site security built-in. This will give greater satisfaction to our customers.”

STRATO

“After introducing the Haswell processor in the European market, STRATO confirms its leadership position with the latest version of Plesk,” said Christian Böing, chief executive officer, STRATO AG. “Our main goal remains to provide our customers with the latest software and hardware versions. The new Plesk 12 is the perfect complement to our servers and core mass-management and a security tool that can be used to profit from the growing demand for WordPress hosting. That makes us a reliable and professional hosting provider and allows us to differentiate ourselves from our competitors.”

For more information, you can visit www.parallels.com/plesk

About Parallels

Parallels® provides the platform for service providers to sell and deliver great cloud services to businesses worldwide and cross-platform solutions. Parallels began operations in 2000 and has developed into a fast-growing software company with more than 900 employees across offices in North America, Europe, Africa, Australia and Asia.

For more information, please visit www.parallels.com/spp, follow us on Twitter at www.twitter.com/ParallelsCloud, and Like Us on Facebook at www.facebook.com/ParallelsCloud

Patching OpenSSL for the Heartbleed Vulnerability

A security vulnerability in OpenSSL dubbed Heartbleed has been found. This vulnerability was only recently discovered openly, but has been “in the wild” for over a year. It’s important to update your local version of OpenSSL to correct this issue. This brief guide will walk you through ensuring that the patch is installed on your Linode, and suggest additional steps you can take to ensure your server’s security. As always, we suggest having backups of your system prior to making any changes.

This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Installing the Patched Version

Here are the steps for ensuring you have the patched versions of OpenSSL on our most popular distros. If you’ve compiled from source, you’ll want to compile and reinstall using version 1.0.1g. Alternately you can recompile previous versions with the OPENSSL_NO_HEARTBEATS flag enabled to close the vulnerability.

Ubuntu and Debian

1. Check to see what your current OpenSSL version is:
$ openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Sat Feb 1 22:14:33 UTC 2014
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

Pay attention to the built on: line. Versions built before April 7th are vulnerable.

2. For Debian and Ubuntu systems, run these commands to update and upgrade your packages:
sudo apt-get update
sudo apt-get upgrade

3. During the upgrade, you may be given a prompt like the one below. This window warns you about the security issue and lists services that use OpenSSL and need to be restarted to apply the patch. You can add any additional services by entering the matching init.d script name in this field.

[Screenshot: an option window]

If you do not receive this prompt, be sure to manually restart any services that use OpenSSL.

4. After updating, run openssl version -a again to confirm the newer build:
openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014

CentOS

1. Check to see what your current OpenSSL version is:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan 8 18:40:59 UTC 2014
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

Pay attention to the built on: line. Versions built before April 7th are vulnerable.

2. To update OpenSSL from the repositories, run:
sudo yum -y install openssl

After updating, run openssl version -a again to confirm the newer build:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 02:39:29 UTC 2014

3. Be sure to manually restart any services that use OpenSSL.

Fedora

1. Check to see what your current OpenSSL version is:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Fri Dec 20 13:57:26 UTC 2013
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic

Pay attention to the built on: line. Versions built before April 7th are vulnerable.

2. On Fedora systems, the patched version is currently being propagated through mirrors. You can update from the repositories with the following command:
sudo yum -y install openssl

You can also directly download the patched version and install it manually. For Fedora 20 (64-bit), run the following set of commands to install the patched version:
sudo yum -y install koji
koji download-build --arch=x86_64 openssl-1.0.1e-37.fc20.1
sudo yum localinstall openssl-libs-1.0.1e-37.fc20.1.x86_64.rpm openssl-1.0.1e-37.fc20.1.x86_64.rpm

3. After updating, run openssl version -a again to confirm the newer build:
openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr 8 00:32:22 UTC 2014

4. Be sure to manually restart any services that use OpenSSL.
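
The two manual checks in the steps above can be scripted. This is an added example, not part of the original guide: build_verdict reads openssl version -a output and applies the guide's April 7th build-date rule, and stale_openssl_pids lists processes that still map the replaced library and therefore still need a restart. The function names, verdict strings and sample text are assumptions made for this example, as is the expectation that a source build shows -DOPENSSL_NO_HEARTBEATS on its compiler line.

```shell
#!/bin/sh
# Added example. CUTOFF is the guide's "April 7th" rule (2014, per its sample
# output); function names and verdict strings are made up for this sketch.
CUTOFF=20140407

# build_verdict < `openssl version -a` output
build_verdict() {
    awk -v cutoff="$CUTOFF" '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i }
    /^OpenSSL /  { ver = $2 }
    # "built on: Sat Feb 1 22:14:33 UTC 2014" becomes 20140201
    /^built on:/ { built = $NF * 10000 + mon[$4] * 100 + $5 }
    # Assumption: a source build with heartbeats compiled out shows the define.
    /^compiler:/ && /-DOPENSSL_NO_HEARTBEATS/ { nohb = 1 }
    END {
        if (ver !~ /^1\.0\.1/)           print "not-1.0.1"
        else if (ver ~ /^1\.0\.1[g-z]/)  print "fixed-upstream"
        else if (nohb)                   print "heartbeats-disabled"
        else if (built == 0)             print "unknown-build-date"
        else if (built < cutoff)         print "vulnerable-build"
        else                             print "patched-build"
    }'
}

# stale_openssl_pids [PROC_ROOT]
# Prints "PID NAME" for every process whose memory map still references a
# libssl/libcrypto file that was replaced on disk, i.e. a process started
# before the upgrade and not yet restarted. Run as root to see all processes.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}; pid=${pid##*/}
            name=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# First two lines of the guide's Debian output before and after the upgrade.
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
built on: Sat Feb 1 22:14:33 UTC 2014'
SAMPLE_NEW='OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014'

printf 'sample before upgrade: %s\n' "$(printf '%s\n' "$SAMPLE_OLD" | build_verdict)"
printf 'sample after upgrade:  %s\n' "$(printf '%s\n' "$SAMPLE_NEW" | build_verdict)"
if command -v openssl >/dev/null 2>&1; then
    printf 'this host:             %s\n' "$(openssl version -a 2>/dev/null | build_verdict)"
fi
echo 'processes still using the old library:'
stale_openssl_pids
```

A "patched-build" verdict only describes the files on disk; any process listed by stale_openssl_pids keeps running the old code until it is restarted.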

Reissue Certificates

The Heartbleed security bug would allow an attacker to read a portion of the memory on an unprotected system, including private keys used in SSL key pairs. It’s suggested that you reissue all key pairs, and revoke ones made previously. This can include keys used to create SSL certificates for web and mail servers. This means new SSL certificates should be generated or purchased.

You can follow the instructions here to create a new certificate signing request (CSR) and key, or check out the Apache-specific instructions here.

Additional Security Steps

While this security flaw has only recently been discovered openly, it has existed on many servers for well over a year. This means that any third party services you use that employ SSL encryption have been vulnerable. It’s suggested that you ensure that said services patch their systems, then reset your passwords.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Heartbleed.com

cPanel & WHM 11.44 Now in RELEASE Tier

cPanel, Inc. is thrilled to release cPanel & WHM software version 11.44, which will soon be available in the RELEASE tier.

cPanel & WHM 11.44 offers a transfer and restore renovation, configuration clusters, a new edition of Paper Lantern, support access, and more.

Transfer & Restore Renovation
From simple log files and reports to a continuous transfer and restore process, a series of changes to transfer and restore functionality brings widespread benefits.

Configuration Clusters
cPanel & WHM now offers configuration clustering to streamline the process of updating multiple servers, adding a powerful boost in efficiency.

Paper Lantern
With a more agile, consistent framework, Paper Lantern for cPanel & WHM 11.44 signifies progress towards user interface perfection and stunning, user-created themes.

Support Access
Grant cPanel Support Access enables customers to quickly grant server access to cPanel support staff, therefore speeding up the resolution of issues with just a few mouse clicks.

Detailed information on all cPanel & WHM 11.44 features can be found at https://documentation.cpanel.net. An overview of the latest features and benefits is also available at http://releases.cpanel.net.

Shift Gears, You’re a Security Provider Now

In 2013, it seemed that not a week went by without at least one announcement of some kind of serious security breach. The year was a massive challenge for service providers who have faced rapidly escalating threats to their infrastructure and the security of their customers. Massive DDoS attacks, SQL injection vulnerabilities and the potentially disastrous Heartbleed vulnerability are only a few examples of major incidents to strike hosts in the past year. Equally disturbing were instances where Drupal announced a security breach of its servers and MongoHQ revealed that a hacker had breached Amazon Web Services S3 storage accounts, gaining access to several client databases.

As hackers become adept at bypassing traditional security walls and increasingly sophisticated at evading detection (e.g., The New York Times incident), what role do hosting providers play in finding solutions to these problems?

The solution is for hosting providers to become security providers. Leading security experts specializing in the hosting industry will discuss this paradigm shift and answer questions in an open forum. Panel members include Hemant Jain of Fortinet, Jeffrey Lyon of Black Lotus Communications, Steven Ciaburri of Rack911, Vann Abernethy of NSFOCUS Inc., Shay Rapaport of Fireblade, and Piero DePaoli of Symantec.

The panel is the last scheduled educational session at HostingCon 2014, taking place on Wednesday, June 18th from 11 a.m. until noon. It’s guaranteed to be a thought-provoking and lively way to mark the end of the educational sessions. Finish up the day with a networking lunch and make your way to the Exhibit Hall for the afternoon! The floor plan for the Hall has been pretty much finalized — take a look here.

But you can’t do that unless you are registered. Luckily, there’s still time to register for this year’s HostingCon.

For all the latest HostingCon news and information, visit HostingCon – Premier Industry Conference and Trade Show for Web Hosting and Cloud Service Providers

by Frances Krug

Spammers Prompt Users to Download Malware Disguised as Heartbleed Bug Removal Tool

Spammers are targeting people concerned about the aftermath of the Heartbleed bug with emails prompting users to unknowingly download malware once they run a Heartbleed bug removal tool.

According to a blog post by Symantec last week, the spam requests users run the tool that is attached to the email to clean their computer from the infection. The email warns users that although they may have changed passwords on websites they use, they are still not completely secure and should run the removal tool to ensure complete protection.

The email preys on users who don’t know much about Heartbleed, and probably only heard about it in the media coverage. Heartbleed is not malware, therefore there is no way for it to infect computers.

Heartbleed impacted OpenSSL version 1.0.1 and could expose up to 64KB of memory to a connected client or server. The issue impacted a range of companies, websites and service providers, and this week The Core Infrastructure Initiative announced that it would prioritize funding to OpenSSL to improve its security.

The subject line, “Looking for Investment Opportunities from Syria,” should raise a red flag for users, since it is in no way related to the body, and is pretty typical language used with spammy emails.

The attached file is a .docx file, but once it is opened it appears as an encrypted zip file. Once the file is extracted, users find the heartbleedbugremovaltool.exe. This downloads a keylogger in the background and a progress bar shows up on screen. A pop-up eventually appears, notifying the user that Heartbleed was not found on their computer.

DataCenterKnowledge has more on how companies are staying ahead of future Heartbleed-like security vulnerabilities by implementing effective security policies and proactively monitoring across their platforms.

by Nicole Henderson on June 3, 2014