Is your Apache Server under Attack?
The Apache web server is a fairly common service that powers many websites today, and it's been under attack for about a bit over a month now. These attacks differ in terms of complexity, strength, and covertness and are not visible without the use of special forensics tools. The backdoor being named Linux/Cdorked.A opens a port on the affected server and is stored in shared memory. Ars Technica has great coverage regarding this, while an Eset blog post has more details and a Python script that you can run to verify if infection is suspected.