Ongoing malware attack targeting Apache hijacks 20,000 sites

Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of “Darkleech,” a mysterious exploitation toolkit that exposes visitors to potent malware attacks. Once it takes hold, Darkleech injects invisible code into Web pages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites. No one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines.

Takeaway: It’s still unclear exactly how to protect these web servers. Disinfecting systems can also prove challenging, since backdoor and possibly even rootkit functionality may allow attackers to maintain control of servers even after the malicious modules are uninstalled. The recommendation for admins is to take infected servers offline, use backup data to reinstall the software, and change all server credentials.