Last month, ESET analyzed a new sophisticated and stealthy Apache backdoor "Linux/Cdorked.A" that drive traffic to malicious pages.
Security researchers at ESET observed that more than 400 web servers infected with the backdoor "Linux/Cdorked.A" including 50 Top ranked websites.
In their recent report, ESET noted that the Lighttpd and nginx web servers also are affected by this backdoor.
"we found it will not deliver malicious content if the victim’s IP address is in a very long list of blacklisted IP ranges, nor if the victim’s internet browser’s language is set to Japanese, Finnish, Russian and Ukrainian, Kazakh or Belarusian." The report reads.
Researchers still not able to identify how this malicious software was deployed on the affected web servers.
The technical details are available at WeLiveSecurity