

Hackers hit thousands of websites with Apache backdoor attack

29 Apr 2013

Security firm Eset has uncovered a malicious cyber campaign using a backdoor exploit in Apache web servers to herd web users to sites carrying Blackhole exploit packs. The security firm reported uncovering the campaign on Friday, warning that thousands of websites have already fallen victim.

Eset senior research fellow Righard Zwienenberg told V3 that the backdoor, codenamed Linux/Cdorked.A, is one of the most advanced attacks to target the Apache platform, boasting advanced detection-dodging powers.

"The configuration of Linux/Cdorked.A is pushed to the system using obfuscated HTTP requests not apparent in Apache's log. This hides the fact that the web server is compromised. Linux/Cdorked.A can also receive commands with HTTP-POST," he said.

"The problem here is that Linux/Cdorked.A leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. It will be difficult to assess the dangers and actions of specific compromised systems if only the binary is found and the active shared memory is not."

Zwienenberg said the compromised servers are being used to drive web traffic to a number of malicious websites containing malware and exploits from the Blackhole exploit kit. The campaign has already compromised hundreds of Apache servers, meaning that thousands of websites could potentially have been affected.
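Zwienenberg names two artefacts, the modified httpd binary and the active shared memory, and both can be checked on a suspect host. The sketch below is an added example, not code from Eset or from the original article; it assumes the Linux `/proc/sysvipc/shm` column layout, the process names `httpd` and `apache2`, and a known-good SHA-256 taken from a trusted copy of the package, and its sample rows are constructed.

```python
import hashlib
from pathlib import Path

WEB_NAMES = {"httpd", "apache2"}  # assumption: Apache's process names on this host

# Constructed rows in the column layout of /proc/sysvipc/shm (not from a real host).
SAMPLE_SHM = (
    "key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap\n"
    "0 32768 600 524288 1480 2210 2 1000 1000 1000 1000 0 0 0 524288 0\n"
    "0 65537 666 4194304 911 915 8 48 48 48 48 0 0 0 4194304 0\n"
)
SAMPLE_COMM = {1480: "Xorg", 2210: "xterm", 911: "httpd", 915: "httpd"}  # constructed


def binary_matches(path, known_good_sha256):
    """True if the file's SHA-256 equals a digest taken from a trusted package copy."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == known_good_sha256.lower()


def proc_name(pid):
    """Resolve a PID to its command name on a live Linux host."""
    try:
        return Path(f"/proc/{pid}/comm").read_text().strip()
    except OSError:
        return None  # process has exited or /proc is unavailable


def web_server_segments(shm_text, name_of=proc_name):
    """List SysV shared memory segments created or last attached by the web server.

    Stock Apache modules can use shared memory too, so a hit is a segment to
    dump and preserve before restarting httpd, not proof of compromise.
    """
    lines = shm_text.strip().splitlines()
    cols = lines[0].split()
    hits = []
    for line in lines[1:]:
        row = dict(zip(cols, line.split()))
        owners = {name_of(int(row["cpid"])), name_of(int(row["lpid"]))}
        if owners & WEB_NAMES:
            hits.append({k: row[k] for k in ("shmid", "perms", "size", "cpid", "lpid")})
    return hits


if __name__ == "__main__":
    for seg in web_server_segments(SAMPLE_SHM, SAMPLE_COMM.get):
        print(seg)
```

On a live host, pass the contents of `/proc/sysvipc/shm` as `shm_text` and leave `name_of` at its default; run the check before restarting the web server, since the in-memory state is lost on restart.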

The attack is particularly dangerous because Apache web servers are among the best-known and most widely used in the world and are run by numerous companies. A successful security breach can therefore affect many different businesses across a diverse range of industries.

"With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Other than modifying the existing httpd daemon service, all other traces are only in memory. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit," said Zwienenberg.

"Businesses must make sure they are always up to date in applying all security patches. The days when patch management was a luxury are long gone. These must be completed so every employee is safe, and complemented with appropriate prevention measurements, such as anti-malware security suites."

The backdoor is one of many advanced threats targeting businesses that have been uncovered over the last month. Prior to it, security firm Seculert uncovered a 'Magic Malware' that features several detection-dodging capabilities.

The influx of new sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve their cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.

Alastair Stevenson
Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
