Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of “Darkleech,” a mysterious exploitation toolkit that exposes visitors to potent malware attacks. The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet’s most popular Web server software. … Vulnerabilities in Plesk, Cpanel, or other software used to administer websites is one possibility, but researchers aren’t ruling out the possibility of password cracking, social engineering, or attacks that exploit unknown bugs in frequently used applications and OSes. Visitors using IP addresses belonging to security and hosting firms are passed over, as are people who have recently been attacked or who don’t access the pages from specific search queries.