Hackers hit thousands of websites with Apache backdoor attack

29 Apr 2013

Security firm Eset has uncovered a malicious cyber campaign using a backdoor exploit in Apache web servers to herd web users to sites carrying Blackhole exploit packs. The security firm reported uncovering the campaign on Friday, warning that thousands of websites have already fallen victim.

Eset senior research fellow Righard Zwienenberg told V3 that the backdoor, codenamed Linux/Cdorked.A, is one of the most advanced attacks to target the Apache platform, with advanced detection-dodging capabilities.

"The configuration of Linux/Cdorked.A is pushed to the system using obfuscated HTTP requests not apparent in Apache's log. This hides the fact that the web server is compromised. Linux/Cdorked.A can also receive commands with HTTP-POST," he said.

"The problem here is that Linux/Cdorked.A leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. It will be difficult to assess the dangers and actions of specific compromised systems if only the binary is found and the active shared memory is not.

Zwienenberg said the compromised servers are being used to drive web traffic to a number of malicious websites containing malware and exploits from the Blackhole exploit kit. The campaign has already compromised hundreds of Apache servers, meaning that thousands of websites could potentially have been affected.
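As an added illustration (not code from Eset or from this article): because the only on-disk trace is the modified httpd binary and everything else lives in shared memory, triage has to cover both before the service is restarted. The baseline hash, the web-server account names and the `ipcs -m` sample below are assumptions constructed for the example.

```python
import hashlib

# Constructed `ipcs -m` output for illustration (not captured from a real host).
SAMPLE_IPCS = """\
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 32768      root       600        524288     2          dest
0x0052e2c1 65537      postgres   600        56         6
0x00000000 98306      apache     666        1048576    0
"""

def sha256_file(path, chunk=1 << 16):
    """Stream the file so large binaries are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def binary_modified(path, baseline_hex):
    """True when the on-disk binary no longer matches the recorded known-good hash."""
    return sha256_file(path) != baseline_hex.strip().lower()

def parse_ipcs(text):
    """Turn `ipcs -m` text into dicts, skipping the banner, header and blank lines."""
    segments = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("0x"):
            continue
        segments.append({
            "shmid": int(f[1]), "owner": f[2], "bytes": int(f[4]),
            "nattch": int(f[5]),
            # Generic hygiene signal, not an indicator taken from the article.
            "world_writable": bool(int(f[3], 8) & 0o002),
        })
    return segments

def segments_to_preserve(segments, web_users=("apache", "www-data", "httpd")):
    """Segments owned by a web-server account (assumed names): dump before any restart."""
    return [s for s in segments if s["owner"] in web_users]

def triage(httpd_path, baseline_hex, ipcs_text):
    """Combine the disk check and the memory inventory into one finding."""
    return {
        "binary_modified": binary_modified(httpd_path, baseline_hex),
        "preserve": segments_to_preserve(parse_ipcs(ipcs_text)),
    }
```

On a live host, `triage` would be fed the real output of `ipcs -m` and a hash recorded from the vendor package. A segment in the `preserve` list is evidence to capture for analysis, not proof of compromise.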

The attack is particularly dangerous because Apache web servers are among the best-known and most widely used in the world, and numerous companies rely on them. This means that a successful security breach can affect many different businesses across a diverse range of industries.

"With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Other than modifying the existing httpd daemon service, all other traces are only in memory. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit," said Zwienenberg.

"Businesses must make sure they are always are up to date in applying all security patches. The days when patch management was a luxury are long gone. These must be completed so every employee is safe, and complemented with appropriate prevention measurements, such as anti-malware security suites."

The backdoor is one of many advanced threats targeting businesses that have been uncovered over the last month. Before it, security firm Seculert uncovered a 'Magic Malware' that features several detection-dodging capabilities.

The influx of new, sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve its cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
