Developers of the Apache open-source project today warned users of the popular Web server software that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. The tool, called "Apache Killer," showed up last Friday in a post to the "Full Disclosure" security mailing list. Today, the Apache project acknowledged the vulnerability that the attack tool exploits, and said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. "A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache," the group said in a security advisory. According to Apache, all versions in the 1.3 and 2.0 lines are vulnerable to attack. U.S. and Russian antivirus vendors took shots at each other as they quarreled over a recent report of a cyber campaign that allegedly infiltrated scores of Western governments, organizations and corporations. The report, released earlier this month by McAfee, claimed that a half-decade-long hacker operation compromised more than 70 U.S. and foreign government agencies, defense contractors and international organizations to plant malware that in some cases hid on networks for years. McAfee's report was picked up by numerous news outlets, and even caught the eye of Congress. On Aug. 10, Rep. Mary Bono Mack, the chairman of the House subcommittee on commerce, manufacturing and trade, sent a letter to McAfee asking for more information on the intrusions. McAfee dubbed the campaign "Shady RAT" and said it was an example of an "advanced persistent threat," or APT, a term that's been used widely by mainstream security companies, and in news reports, since Google claimed that Chinese hackers had breached its network. Last Thursday, the CEO of Moscow-based Kaspersky Labs took exception to McAfee's conclusions, especially that the attacks were sophisticated enough to justify the "advanced" part of the APT label. "We consider those conclusions to be largely unfounded and not a good measure of the real threat level," said Eugene Kaspersky, CEO and co-founder of the company that bears his name. Like most Android malware, GingerMaster hides inside legitimate Android applications that attackers have pirated, added malware to, then re-released onto popular download markets. When unsuspecting users download the infected apps, the exploit kicks into action, "rooting" the smartphone to gain complete access, harvesting personal data from the phone, including the device ID and the phone number, before sending that to a command-and-control (C&C) server maintained by the attackers. The malware waits for further instructions from the C&C server, which can tell jacked phones to download even more malware or other apps.
Pages to are hidden for
"To_Translate"Please download to view full document