Web Servers with Old version of Linux Attacked by Cybercriminals

A large number of websites are being hit on a wide-scale owing to unsupported OS (operating systems), according to research conducted by security firm Cisco. Experts at the security firm note that hackers have hit web servers running a version of Linux 2.6 kernel which was released seven years ago.

Due to such multistage attack, compromised websites are spiked with JavaScript which redirects users to a second site where additional malware is served.

Threatpost.com published a report on 21st March, 2014 quoting Martin Lee, a researcher of Cisco, as saying "it is possible that cybercriminals have recognized a vulnerability on the Linux platform and have as a result been able to exploit old-systems which may not be continuously patched by administrators."

The second malicious site of the attack is serving a click fraud scam where the victim's browser displays a number of advertisements. It is assumed that assaulters are loading computer Trojan on hijacked machines at this point.

According to Cisco, more than 400 different hosts were affected each day on 17th and 18th March, 2014 with more than 2,700 URLs were successfully compromised by attackers at the time of publishing.

Infected servers are seen all over the globe with more concentrations in Germany and US along with Spain which has also been hit by this campaign.

Cisco said that many of the affected hosts have been compromised and cleaned.

Itsecuritynews.info published a statement on 21st March, 2014 stating an explanation of Lee as "some security products may detect JavaScript redirect as similar to that which was previously used in Blackhole exploit kit but Cisco has no testimony of attacks related to BHEK (Blackhole) rather than an illustration of code reuse."

Lee said that this large scale compromise of an old operating system make such systems in operation vulnerable to high risk.

The campaign of attack again emphasizes the need for system administrators to constantly update their systems.

COMPUTERWORLD published a report on 21st March, 2014 stating a conclusion by Lee as "Several vulnerable un-patched machines on the Internet are enticing targets for cybercriminals and such systems can be employed as disposable one-shot podiums for launching cyber attacks."

» SPAMfighter News - 3/31/2014