Cisco has just discovered a script that attempts to use the Horde/IMP Plesk WebMail exploit against vulnerable versions of the Plesk Control Panel. According to a blog post by Craig Williams, a technical leader, threat research, Security Intelligence Operations at Cisco, by injecting malicious code in the username field, the attacker can bypass authentication and upload files to the targeted server. These types of attacks could be one of the methods used in DarkLeech compromises.

DarkLeech has compromised thousands of web servers that are running Apache 2.2.2 and above. Attackers infect servers with an SSHD backdoor that enables them to upload malicious Apache modules, which are used to inject malicious iFrames into legitimate websites.

 

Read the rest of the news here: http://blogs.cisco.com/security/possible-exploit-vector-for-darkleech-compromises/