[ISN] Speedy attack targets Web servers with outdated Linux kernels

http://www.networkworld.com/news/2014/032114-speedy-attack-targets-web-servers-279944.html By Jeremy Kirk IDG News Service March 20, 2014 Web servers running a long-outdated version of the Linux kernel were attacked with dramatic speed over two days last week, Cisco Systems said on Thursday. All the affected servers were running the 2.6 version, first released in December 2003, of the Linux kernel, which is the core of the operating system. Most were running a 2.6 Linux kernel version released in 2007 or earlier, wrote Martin Lee, technical lead of Threat Intelligence for Cisco. “Systems that are unmaintained or unsupported are no longer patched with security updates,” Lee wrote. “When attackers discover a vulnerability in the system, they can exploit it at their whim without fear of it being remedied.” After the Web server has been compromised, the attackers slip in a line of JavaScript to other JavaScript files within the website. That code bounces the website’s visitors to a second compromised host, which runs another JavaScript file. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail