Article 3RSW1 Three months later, a mass exploit of powerful Web servers continues

Three months later, a mass exploit of powerful Web servers continues

by
Dan Goodin
from Ars Technica - All content on (#3RSW1)
drupal-800x450.jpg

Enlarge (credit: Malwarebytes)

More than 115,000 websites-many run by major universities, government organizations, and media companies-remained wide open to hacker takeovers because they hadn't installed critical patches released 10 weeks ago, security researcher Troy Mursch said Monday. A separate researcher reported on Tuesday that many of the sites were already compromised and were being used to surreptitiously mine cryptocurrencies or push malware on unsuspecting visitors.

Infected pages included those belonging to the University of Southern California, Computer World's Brazil site, and the Arkansas Judiciary's Courts and Community Initiative, which were causing visitors' computers to run resource-intensive code that mines cryptocurrency, Ji(C)rime Segura, lead malware intelligence analyst at antivirus provider Malwarebytes, told Ars.

Segura said a Harvard University page that earlier was also infected with mining malware had since been defaced, presumably by a different party. Meanwhile, a Western Michigan University page that earlier was infected with code that pushed a malicious browser extension was later repaired. Segura reported his findings Tuesday and has indexed more than 900 infected sites here.

Read 4 remaining paragraphs | Comments

index?i=GkmfPC5WnU0:XNyPwB0FYGY:V_sGLiPB index?i=GkmfPC5WnU0:XNyPwB0FYGY:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments