SPOTLIGHT ON SECURITY

The Apache Web Server’s Not-So-Secret Weakness

If you thought the hacks by Anonymous and AntiSec were bad, boy, are you in for a revelation.

This past week brings news that the Apache Web server — the one that powers the majority of the Internet and most websites — has a vulnerability that can be exploited with relatively little effort.

The Apache Software Foundation has been working on a fix and has, in the meantime, put out some mitigations that it admits are just stop-gap measures.

It’s testing two possible long-term fixes and will send out notifications as soon as they’re ready.

In the meantime, scope out their warning bulletin and download and apply their mitigations. Or go to the websites of companies such as Incapsula, which offer a solution. Pronto.

Versions 1.3 and 2 of the widely used Apache Web Server have a denial of service (DoS) vulnerability, the Apache Software Foundation has warned.

This flaw will let hackers launch a DoS attack with “many hundreds of requests, but not a flood of tens of thousands or more,” Dirk-Willem van Gulik, former president of the Apache Software Foundation, told TechNewsWorld.

The Foundation has listed some mitigations, and Apache HTTPD developers were testing and refining two solid solutions at the time of the interview. These will require website admins to update their Apache HTTPD Web servers, and “will fully tackle the problem,” van Gulik said.

The danger of this vulnerability lies in the widespread use of the Apache Web server worldwide.

“Many millions of Apache HTTPD servers around the world need to be upgraded,” van Gulik stated.

That will “most likely take months,” and we’re likely to see an increased number of hacks in the meantime, Marc Gaffan, cofounder of Incapsula, told TechNewsWorld.

The Hacks Go On

Elsewhere in the world of security, Nokia’s developer site was hacked this past week through a vulnerability in the site’s bulletin board software. This allowed an SQL injection attack, by now a favorite technique among malicious hackers.

Nokia told developers that records of the forum’s members had been accessed. These include email addresses and, in a small fraction of cases, birthdates, homepage URLs or usernames for various online services. However, they don’t contain sensitive information such as passwords and credit card information.

If you’ve signed up for Nokia’s Ovi app store or other services, you’re safe.

The user information accessed is specific to users of the discussion forums only, Nokia spokesperson Karen Lachtanski told TechNewsWorld.

Nokia has removed the changed content and upgraded the website. It also took the developer community website offline while it conducts further investigations, Lachtanski said.

Meanwhile, a new website for hackers has been hitting the headlines. The RankMyHack site was created to let hackers know where they stand in the pecking order of hacking capabilities.

The site has a section that offers bounties for hacks against political and government forces. It also has a dueling system so hackers can battle each other online.

Diet of Worms

Meanwhile, two new worms surfaced this week.

One, called “Morto,” has been infecting Windows PCs by exploiting weak passwords, ICSA Labs warned.

Its current version, Morto A, has a built-in list of 37 relatively trivial passwords, including “abc123,” “1q2w3e,” and “12345.”

Morto seeks to gain local system administrator authority over PCs it infects. It downloads and executes another piece of code, Andy Hayter, anti-malcode manager at ICSA Labs, told TechNewsWorld.

Morto might be ordered to perform a DoS attack, but nothing specific has been indicated yet, Hayter stated.

At the same time, the Ramnit worm has apparently been modified to commit financial fraud, Trusteer has announced.

Ramnit now apparently includes tactics from the notorious Zeus financial malware package.

More malware incorporating Zeus’s features may be on the way, warned Ayelet Heyman, senior malware analyst at Trusteer.

“A short time after we spotted the morphed worm, a new bot named ‘Ice IX’ that’s based on a lightly modified Zeus2 core was offered for sale on the Russian cybercrime market for between (US)$600 and $1,800,” Heyman told TechNewsWorld.

Whack-a-Mac?

Cybercriminals behind the fake antivirus attacks that have been plaguing PC users are now turning their attention to the Mac, Kaspersky Labs noted.

They’re apparently hitting Mac users harder than they hit PC users.

“In some cases, the fake AV for Mac was twice as expensive as its Windows counterpart, possibly because the malware creators expect Mac users to be more affluent [than their PC counterparts],” Tim Armstrong, a malware researcher at Kaspersky Lab, told TechNewsWorld.

The Risks of Virtualization

Finally, as enterprises virtualize, they leave the management layer of their IT infrastructure open to attack, Eric Chiu, president and founder of HyTrust, warned.

There are two types of risk here. One is malicious attacks or rogue software that can be loaded into the system; the other is misconfiguration and administrative errors.

In at least 50 percent of implementations, administrative privileges granted have been much broader than required, Chiu told TechNewsWorld.

“Conservatively, 80 percent of the 1,200 companies we qualified in the last 12 months, which virtualize production applications on VMware’s vSphere, said they do not implement recommendations for specific best practices around securing the management plane for their virtual or cloud environment,” Chiu said.

More by Richard Adhikari