A persistent, widespread malware campaign that utilizes compromised Apache servers is locking users’ computers and demanding a fee of US$300 to free their data.
Researchers from Eset wrote that the ransomware scam is an extension of a long-running attack that compromises the infrastructure of web hosting companies with a variant of a malicious Apache module called “Darkleech.”
“Malicious modification of server binaries seems to be a very popular trend for malware distribution,” wrote Sebastien Duquette, an Eset malware researcher, on a company blog.
Eset also suspects that hackers also may have figured out how to compromise CPanel and Plesk, which are both software programs used by hosting companies to manage their networks and websites.
Darkleech tampers with websites hosted on an Apache server. It loads an iframe into a web page and redirects a victim to a malicious URL that hosts the Blackhole exploit kit, Duquette wrote. Eset detected at least 270 websites that redirected victims this way in the last week.
SOURCE: computerworld.com.au
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…