Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites

Posted by JaseP on Apr 2, 2013 9:12 PM EDT
Ars Technica; By Dan Goodin
Mail this story
Print this story

Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks.

The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet's most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said. Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines. Vulnerabilities in Plesk, Cpanel, or other software used to administer websites is one possibility, but researchers aren't ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes.

Full Story

  Nav
» Read more about: Story Type: News Story, Security

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
This reader's comment djohnston 2 1,971 Apr 3, 2013 11:46 AM

You cannot post until you login.