The Broadband Guide

Malware attack targeting Apache hijacks 20,000 sites

2013-04-03 09:57 by

 

Security researchers have found that tens of thousands of websites that run on the Apache Web Server software have recently been infected with "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks. Once it takes hold, Darkleech injects invisible code into webpages, which in turn opens a connection that exposes visitors to malicious third-party websites, researchers said.

The URL in the injected HTML iframe tag is usually constructed as IP address/hex/q.php. Sites that deliver such iframes that aren't visible within the HTML source are likely compromised by Darkleech. Special "regular expression" searches helped Mary Landesman, a senior security researcher for Cisco Systems' TRAC team, find reported iframes used in these attacks. Note that while the iframe reference is formed as IP/hex/q.php, the malware delivery is formed as IP/hex/hex/q.php.

Because the iframes are dynamically injected only when the pages are accessed, discovery and remediation are particularly difficult. Furthermore, the attackers employ a sophisticated array of conditional criteria to avoid detection, including checking IP addresses, blacklisting security researchers, blacklisting search engine spiders and others.
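
As an added illustration (not code from the researchers or the original report), the two URL shapes described above can be matched in HTML captured as it was served to a visitor and in web proxy logs, which matters because the iframe is injected at request time and does not appear in the files on the server. The minimum hex length, the log line layout and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: the article only says "hex"; 8 or more hex digits is used here.
HEX = r"[0-9a-fA-F]{8,}"
PATH_RE = re.compile(rf"^/(?P<segs>{HEX}(?:/{HEX})?)/q\.php$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
IFRAME_SRC_RE = re.compile(r"""<iframe\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def classify_url(url):
    """Return 'iframe-reference', 'malware-delivery' or None."""
    try:
        parts = urlsplit(url if "//" in url else "//" + url)
    except ValueError:
        return None
    host = parts.hostname or ""
    if not IPV4_RE.match(host) or any(int(o) > 255 for o in host.split(".")):
        return None  # the reported URLs use a bare IP address as host
    m = PATH_RE.match(parts.path)
    if not m:
        return None
    # IP/hex/q.php is the iframe reference; IP/hex/hex/q.php is the delivery URL.
    return "malware-delivery" if "/" in m.group("segs") else "iframe-reference"

def scan_html(html):
    """Classify each iframe src in an HTML body as it was served to a client."""
    hits = [(classify_url(src), src) for src in IFRAME_SRC_RE.findall(html)]
    return [h for h in hits if h[0]]

def scan_proxy_log(lines):
    """Classify requested URLs; assumed format: timestamp client_ip url status."""
    hits = []
    for line in lines:
        fields = line.split()
        kind = classify_url(fields[2]) if len(fields) > 2 else None
        if kind:
            hits.append((kind, fields[1], fields[2]))
    return hits

# Constructed sample data (documentation IP ranges, made-up hex strings).
SAMPLE_HTML = (
    '<p>news</p><iframe src="https://www.example.com/embed/q.php"></iframe>'
    '<iframe src="http://192.0.2.10/5f3a9c1e7b2d4a60/q.php" width="1"></iframe>'
)
SAMPLE_LOG = [
    "2013-04-02T10:00:01 10.0.0.5 http://192.0.2.10/5f3a9c1e7b2d4a60/q.php 200",
    "2013-04-02T10:00:02 10.0.0.5 http://192.0.2.10/5f3a9c1e7b2d4a60/0a1b2c3d4e5f6a7b/q.php 200",
    "2013-04-02T10:00:09 10.0.0.7 http://www.example.com/forum/q.php 200",
]

if __name__ == "__main__":
    for hit in scan_html(SAMPLE_HTML) + scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A client that requested the iframe reference and then the delivery URL in the proxy log is the one to triage first, and the referring site is the likely compromised server.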
