Tuesday, 24 June 2014

Thousands Of Apache Servers Attacked!

malware, Apache server, Blackhole, exploit, cyber attack, Linux


Another cyber attack has been uncovered! Security firm Eset has discovered a malicious campaign that reportedly uses a backdoor exploit in Apache Web servers to direct users to websites that carry Blackhole exploit packs. The firm says the attack has already victimised thousands of websites.

In a V3 exclusive, Righard Zwienenberg, Eset senior researcher, said, “The backdoor, codenamed Linux/Cdorked.A, is one of the most advanced attacks to target the Apache platform, boasting advanced detection dodging powers. The configuration of Linux/Cdorked.A is pushed to the system using obfuscated HTTP requests not apparent in Apache's log. This hides the fact that the web server is compromised. Linux/Cdorked.A can also receive commands with HTTP-POST.”

Zwienenberg added that the real problem is that Linux/Cdorked.A leaves no evidence of compromised hosts on the hard drive other than a modified httpd binary, which complicates forensic analysis and makes it difficult to assess the danger level.

"With so many Web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Other than modifying the existing httpd daemon service, all other traces are only in memory. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit," added Zwienenberg.

"Businesses must make sure they are always up to date in applying all security patches. The days when patch management was a luxury are long gone. These must be completed so every employee is safe, and complemented with appropriate prevention measurements, such as anti-malware security suites," he suggested.
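
Since the modified httpd binary is the only on-disk trace described above, comparing that binary against a known-good hash is the disk-side check a defender can run. The script below is an added example, not code from Eset or the original post; the function names, the manifest format (`sha256sum` output) and any paths passed to it are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify a web server binary against a known-good SHA-256 baseline.
# Manifest lines use sha256sum's format: "<hex digest>  <absolute path>".
# Assumption: the manifest was recorded from a trusted source (vendor package or
# clean install) and is stored off the host being checked.

# sha256_of FILE: print only the hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{ print $1 }'
}

# check_binary BINARY MANIFEST
# Prints a status word and returns: 0 MATCH, 1 MODIFIED, 2 NO_BASELINE, 3 MISSING.
check_binary() {
    local binary=$1 manifest=$2 expected actual
    if [ ! -f "$binary" ]; then
        echo MISSING
        return 3
    fi
    # Exact match on the path field, so one binary's entry is never used for another.
    expected=$(awk -v p="$binary" '$2 == p { print $1; exit }' "$manifest")
    if [ -z "$expected" ]; then
        echo NO_BASELINE
        return 2
    fi
    actual=$(sha256_of "$binary")
    if [ "$actual" = "$expected" ]; then
        echo MATCH
        return 0
    fi
    echo MODIFIED
    return 1
}

# Usage: ./check_httpd.sh /path/to/httpd /path/to/baseline.sha256
if [ "$#" -eq 2 ]; then
    check_binary "$1" "$2"
fi
```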
