Cyber Security Institute

Tuesday, April 30, 2013

Hackers hit thousands of websites with Apache backdoor attack

Security firm Eset has uncovered a malicious cyber campaign using a backdoor exploit in Apache web servers to herd web users to sites carrying Blackhole exploit packs. It will be difficult to assess the dangers and actions of specific compromised systems if only the binary is found and the active shared memory is not. Zwienenberg said the compromised servers are being used to drive web traffic to a number of malicious websites containing malware and exploits from the Blackhole exploit kit. The campaign has already compromised hundreds of Apache servers, meaning that thousands of websites could potentially have been affected.


The attack is particularly dangerous because Apache web servers are among the best-known and most widely used in the world and are run by numerous companies.

“With so many web servers running Apache, potentially hundreds of thousands of sites are vulnerable to this hard-to-detect threat. Traffic to the website may be directed to other sites, where some of the redirects are to sites that carry the notorious Blackhole Exploit Kit,” said Zwienenberg.

The influx of new sophisticated attacks has caused numerous security vendors and government groups to call on industry to improve its cyber defences. Most recently, Metropolitan Police Central e-crime Unit head Charlie McMurdie said businesses must work more closely with law enforcement to protect themselves from advanced threats.



Posted on 04/30