Pport 80 malware is quite high, particularly those exploiting the Mambo mosConfig exploit. This exploit is not new. It just means that attackers are still able to succesfully compromise vulnerable machines.
The exploit downloads a shell script, which in turn downloads and executes other malware including the actual worm that does the exploiting (it also has a module for exploiting the XML-RPC vulnerability), as well as an IRC client (yes, to take part in an eveeel-botnet server).
What malwares are these you say? Check out our Virus Encyclopedia for the following malwares:
- ELF_LUPPER
- PERL_SHELLBOT
- ELF_KAITEN
- ELF_MARE
And if I missed something, you can always check our Advisories page for the latest malwares from our honeypots.
