This'll be a short one this time. A new malware botnet from Russia ("with love") called "Armageddon" is on the loose. It contains a new exploit known as "Apache Killer", and it's pretty serious.
Although the exploit itself appeared last August, its presence in this new botnet in the wild means that if you haven't updated your Apache server to the latest version, you're likely to fall victim to a serious DDoS attack.
"Apache Killer" exploits a vulnerability in the Apache Web server by sending a specially crafted "Range" HTTP header to trigger a denial-of-service condition. And the exploit is serious enough that a single computer is capable of bringing Apache to its knees. A botnet full of these can result in "tango down."
IDG reports: "The attack abuses the HTTP protocol by requesting that the target web server return the requested URL content in a huge number of individual chunks, or byte ranges," said Arbor research analyst Jeff Edwards in a blog post on Tuesday. "This can cause a surprisingly heavy load on the target server."
The vulnerability is identified as CVE-2011-3192 and was patched in Apache HTTPD 2.2.20, a week after the exploit was publicly released. Apache 2.2.21 contains an improved fix, according to the IDG article.
Just wanted to give everyone who is not aware of it a "heads up"... and be sure you're running the latest Apache in your house.
About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( http://www.knosproject.com ) in Albany, NY and has been in antimalware research and security product development since 1996.
Running Apache? Beware of "Armageddon"...
Monday, March 19, 2012
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.




