Thousands of websites around the world may be unwittingly serving malware to visitors because they’ve been infected with a mysterious toolkit known as Darkleech. If your website is one of them, this could be very bad for your reputation. If visitors are getting their computers compromised when they visit your site, they won’t be coming back in a hurry.
Ignorance of the problem is no excuse. It’s the responsibility of every website owner to keep their servers safe from malware, and if you’re not paying attention to your own security, it could cost you dearly.
The Darkleech program has been brought to light by news and information service Ars Technica. An investigation by the publication estimates up to 20,000 websites have become infected with the code in the past few weeks alone.
And it’s not just smaller sites with potentially lax security that are being targeted. Ars Technica said compromised servers include those belonging to reputable companies such as the Los Angeles Times and storage equipment maker Seagate.
According to the report, once it takes hold, Darkleech injects invisible code into web pages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites.
The attack is significant as it appears to be deliberately targeting firms using Apache web server software. Over half the world’s websites use this solution, so the potential for the problem to become even more widespread is clear.
It was observed that the malware’s strategy bears many resemblances to a 2008 attack that also infected tens of thousands of web servers to expose visitors’ computers to malware sites. However, the true scale of the current problem is difficult to determine because the server malware is designed to hide itself, and it is also very tricky to get rid of.
Ars Technica said: “Disinfecting systems can prove challenging since backdoor and possibly even rootkit functionality may allow attackers to maintain control of servers even after the malicious modules are uninstalled.”