
Rampant Apache website attack hits visitors with highly malicious software - shawndumas
http://arstechnica.com/security/2013/07/darkleech-infects-40k-apache-site-addresses/
======
ds9
In case this may save anyone some time, this aspect has not changed:

"As has been the case with previous investigations, researchers still don't
know how the Darkleech module takes initial hold of the sites it infects.
Speculation has surfaced that the servers are compromised by exploiting
undocumented vulnerabilities in the CPanel or Plesk tools administrators used
to remotely manage sites, but there's no hard evidence to back up that theory.
Researchers also reckon sites may be taken over by cracking administrative
passwords or by exploiting security flaws in Linux, Apache, or another piece
of commonly used software."

~~~
micah94
To install a module that easily, there's got to be some commonality on the
level of a CPanel which dynamically builds config files... I can't see how a
standard Apache install with proper permissions on directories would allow
such a thing (save a root compromise, of course).

