The Broadband Guide

Malware attack targeting Apache hijacks 20,000 sites

2013-04-03 09:57

 

Security researchers have found that tens of thousands of websites that run on the Apache Web Server software have recently been infected with "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks. Once it takes hold, Darkleech injects invisible code into webpages, which in turn opens a connection that exposes visitors to malicious third-party websites, researchers said.

The injected HTML iframe tag is usually constructed as IP address/hex/q.php. Sites that deliver such iframes that aren't visible within the HTML source are likely compromised by Darkleech. Special "regular expression" searches helped Mary Landesman, a senior security researcher for Cisco Systems' TRAC team, to find reported iframes used in these attacks. Note that while the iframe reference is formed as IP/hex/q.php, the malware delivery is formed as IP/hex/hex/q.php.

Because the iframes are dynamically injected only when the pages are accessed, discovery and remediation are particularly difficult. Furthermore, the attackers employ a sophisticated array of conditional criteria to avoid detection, including checking IP addresses, blacklisting security researchers, and blacklisting search engine spiders and others.
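
The two URL shapes described above can be turned into a check that runs over response bodies as visitors actually received them (for example from a proxy capture), since the on-disk HTML source will not contain the injected tag. This is an added example, not code from the article or from Cisco; the function names, the minimum hex-segment length of 8 and the sample page (which uses documentation-range addresses) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: "hex" in the article means a path segment made only of hex digits.
# The minimum length of 8 is a guess chosen to limit false positives.
_HEX = r"[0-9a-fA-F]{8,}"
_IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
_REFERENCE = re.compile(rf"^/{_HEX}/q\.php$")         # IP/hex/q.php
_DELIVERY = re.compile(rf"^/{_HEX}/{_HEX}/q\.php$")   # IP/hex/hex/q.php
_IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def classify_url(url):
    """Return 'iframe_reference', 'malware_delivery' or None for one URL."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
    except ValueError:
        return None  # malformed URL, nothing to classify
    host = parts.hostname or ""
    if not _IPV4.match(host) or any(int(o) > 255 for o in host.split(".")):
        return None  # the described pattern uses a bare IP address, not a domain
    if _REFERENCE.match(parts.path):
        return "iframe_reference"
    if _DELIVERY.match(parts.path):
        return "malware_delivery"
    return None


def scan_html(html):
    """Return (src, kind) for every iframe in a served page that fits the pattern."""
    hits = []
    for src in _IFRAME_SRC.findall(html):
        kind = classify_url(src)
        if kind:
            hits.append((src, kind))
    return hits


# Constructed sample of a served page: one benign embed, one matching iframe.
SAMPLE_HTML = """
<html><body>
<iframe src="https://www.example.com/embed/video"></iframe>
<iframe src="http://192.0.2.10/0a1b2c3d4e5f6a7b/q.php" width=1 height=1></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, kind in scan_html(SAMPLE_HTML):
        print(kind, src)
```

A match is a lead to investigate rather than proof of compromise, and because the injection is conditional, a clean result from a single fetch does not clear a server.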
