All the latest UK technology news, reviews and analysis


Hackers hit thousands of websites with Apache backdoor attack

29 Apr 2013
Security padlock image

Security firm Eset has uncovered a malicious cyber campaign using a backdoor exploit in Apache web servers to herd web users to sites carrying Blackhole exploit packs. The security firm reported uncovering the campaign on Friday, warning that thousands of websites have already fallen victim.

Eset senior research fellow, Righard Zwienenberg, told V3 the backdoor, codenamed Linux/Cdorked.A, is one of the most advanced attacks to target the Apache platform, boasting advanced detection dodging powers.

"The configuration of Linux/Cdorked.A is pushed to the system using obfuscated HTTP requests not apparent in Apache's log. This hides the fact that the web server is compromised. Linux/Cdorked.A can also receive commands with HTTP-POST," he said.

"The problem here is that Linux/Cdorked.A leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. It will be difficult to assess the dangers and actions of specific compromised systems if only the binary is found and the active shared memory is not.

Zwienenberg said the compromised servers are being used to drive web traffic to a number of malicious websites containing malware and exploits from the Blackhole exploit kit. The campaign has already compromised hundreds of Apache servers, meaning that thousands of websites could potentially have been affected.

The attack is particularly dangerous as Apache web servers are among the most well-known and widely-used in the world and are used by numerous companies. This means that a successful security breach can affect numerous different businesses across a diverse range of industries.

"With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Other than modifying the existing httpd daemon service, all other traces are only in memory. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit," said Zwienenberg.

"Businesses must make sure they are always are up to date in applying all security patches. The days when patch management was a luxury are long gone. These must be completed so every employee is safe, and complemented with appropriate prevention measurements, such as anti-malware security suites."

The backdoor is one of many advanced threats uncovered targeting businesses over the last month. Prior to it security firm Seculert uncovered a 'Magic Malware' that features several detection dodging capabilities.

The influx of new sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve their cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
21%
13%
4%
21%
31%
10%

Popular Threads

Powered by Disqus
Sony Xperia Z2 Tablet powered by Android KitKat 4.4

Sony Xperia Z2 Tablet video

We take a look at the lightweight, waterproof tablet

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

KYC /AML / Financial client Onboarding

KYC / AML / on-boarding - High Risk Financial Clients...

Compliance/ Financial Crime/ Sanctions/ ABC/ Bank

Financial Crime / Sanctions / Monitoring / AML/ STF...

Head of Analysis - Change Transformation Programme

One of our key clients a tier 1 investment bank are looking...

Python Developer

My Client are an Industry leading provider of Digital...
To send to more than one email address, simply separate each address with a comma.