SecureWorks: Mass Attack on Apache Servers Running Linux Can Be Stopped by Disabling Server's Dynamic Loading
Jim Carr writes on SC Magazine US:
Security vendor SecureWorks reported this week that the mass attack launched against Apache web servers running on the open-source Linux operating system can be thwarted by disabling dynamic loading in the Apache configuration.More here.
The attack, originally thought to have impacted several hundred websites, actually has infected about 10,000 websites, including some in the United States but mostly in the United Kingdom and India, according to SecureWorks.
The compromised websites, mostly hobby and travel sites without security administrators to keep them updated, can infect their visitors with malicious JavaScript code that can steal a variety of personal information, including bank user names and passwords, Social Security and credit card numbers and online payment accounts, according to SecureWorks.
The malicious JavaScript takes advantage of flaws in QuickTime and a host of other applications and services, including SuperBuddy and Yahoo Messenger's GetFile, SecureWorks researchers said.
posted by Fergie @ 1/24/2008 12:43:00 PM
0 Comments:
Post a Comment
<< Home