Apache sites scalped by hack
22 Jan 2008 | 09:12 GMT
10,000 sites infected
INSECURITY experts believe that more than 10,000 sites running the Linux based Apache software may be hacked and trying to control visitors' computers.
Don Jackson, from Secureworks said that the hackers probably used stolen log-in details to gain access and then infected the Apache servers with a pair of files that generate constantly-changing JavaScript.
If a punter visits the hacked site they get walloped with nine exploits including a recent QuickTime vulnerability, the long-running Windows MDAC bug, and a fixed flaw in Yahoo Messenger.
Once a hole is opened, the victim receives a nice shiny new variant of the Trojan Rbot and are added to a botnet.
When the systems administrators, who owned the Apache boxes, were notified and reinstalled the software, the hack came back, apparently.
This lead Jackson to believe that it was a direct hack to the Linux server and not based on a vulnerability. He thinks that the only way the hacks will stop is when the Administrators change all the passwords and not just the FTP and Cpanel passwords.
More here. µ
© 2007 Incisive Media Investments Ltd. 2007