Attack Against Linux Apache Servers Intensifying

A mass attack ongoing for the past month against Linux Apache Web servers has become increasingly successful because its break-in method makes use of an automated password and installation process, according to a security researcher monitoring its progress.

Don Jackson, senior security researcher at SecureWorks, says the attack, which was first thought to have compromised several hundred Web sites, has hit at least 10,000. He says the attack relies on making use of stolen passwords to Linux Apache servers by automating the installation process to force it to serve up attacks against vulnerabilities on Windows clients. "The Web server ends up serving up vulnerabilities from 2006 related to Windows malware," Jackson says. "The whole attack is very mysterious. It's based on a botnet but it doesn't match the Russian and Chinese groups and may be Western Europe or North American."

View: The full story @ PCWorld


10 Comments


I agree, the title should change to something else, although it uses apache to serve the page, if this modifies code in memory it can use any web server...

Talk about sparse on details. I've even checked the apache mailing lists and no one seems to be talking about it.

It seems as if this "attack" requires root ssh access to the machine, which overshadows this so-called apache "exploit." If you have a machine facing the internet with ssh access and an easy root password, then you've got more important things to worry about.

Just another reason to use decent passwords... Like mine for example:

qrrbirlbelibrijlijsd83jfs838@Q@*

Believe it or not, I've actually used that one before. :confused:

(markjensen said @ #2.1)
I hope that, after posting it, you aren't using it any more! :P

I can see someone using it to log into his neowin account right now :P

Agreed. These servers are being compromised because their passwords are known (claimed 'stolen', probably meaning 'socially engineered' ). And the payload being deployed is used to infect many Windows machines who have not (for some stupid unknown reason) kept their OS up to date. Microsoft even supplies an automatic tool for this, fer-cryin-out-loud.

(markjensen said @ #1.1)
Agreed. These servers are being compromised because their passwords are known (claimed 'stolen', probably meaning 'socially engineered' ). And the payload being deployed is used to infect many Windows machines who have not (for some stupid unknown reason) kept their OS up to date. Microsoft even supplies an automatic tool for this, fer-cryin-out-loud.

Got 2 XP PCs, one with SP1 and one without a SP. Both have firewalls, neither have anti-virus and they haven't got a virus between them. Keeping up to date isn't everything. My brother has SP2 and he's had to low-level format so many times I've lost count, last time I formatted was about 2 years ago when I got an ASUS motherboard and SATA h/d

(n_K said @ #1.2)

Got 2 XP PCs, one with SP1 and one without a SP. Both have firewalls, neither have anti-virus and they haven't got a virus between them. Keeping up to date isn't everything. My brother has SP2 and he's had to low-level format so many times I've lost count, last time I formatted was about 2 years ago when I got an ASUS motherboard and SATA h/d

Not just a format but a low-level format ay? And 2nd I wouldn't go around bragging you are using XP with an out of date service pack and no service pack at all. Most people would consider you an idiot.