IDG News Service – (International) Web server hackers install rogue Apache modules and SSH backdoors, researchers say. Researchers from Securi reported that a group of attackers using rogue Apache modules has been replacing Secure Shell (SSH) binary files in compromised servers with backdoored versions that collect user information and passwords from incoming and outgoing SSH connections.
Source: http://www.networkworld.com/news/2013/012413-web-server-hackers-install-rogue-266121.html