Last week's revelation of the existence of Linux/Cdorked.A, a highly advanced and stealthy Apache backdoor used to drive traffic from legitimate compromised sites to malicious websites carrying Blackhole exploit packs, was only the beginning - Eset's continuing investigation has now revealed that the backdoor also infects sites running the nginx and Lighttpd webservers.
ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers.
What do the recent compromises of a number of LA Times websites and the blog of hard disk drive manufacturer Seagate have in common? According to several security researchers, all these sites are hosted on servers running Apache web server software, and have been compromised and equipped with module that is able to insert and rotate malicious iFrames on all pages of websites hosted on these servers.
Analysis of a malicious Apache module, detected by ESET as Linux/Chapro.A, found that the world's most widely used web server, Apache, is being used to carry out these attacks, injecting malicious content into web pages served by an infected Linux server, without the knowledge of the website owner.
The Apache Software Foundation announced Apache Hadoop 1.0, the open source software framework for scalable, distributed computing.