New DoS attack uses Web servers as zombies

Researchers have uncovered a botnet that uses compromised Web servers instead of the usual personal computers to launch denial-of-service (DoS) attacks.

Security firm Imperva said on Wednesday it uncovered a botnet of about 300 Web servers after one of its "honeypot" servers was used in an attack and based on a search of attack code via Google. Web servers were commonly used in such attacks a decade ago but had been replaced by the more ubiquitous Windows-based PCs, said Amachai Shulman, chief technology officer at Imperva.

In the DoS attack Imperva observed, two Web servers were targeting an unnamed hosting provider based in The Netherlands, he said. The hosting provider was aware of the situation, Shulman said. It appeared that the Web servers were being compromised with code that exploits a vulnerability in PHP, a computer language used for processing Web pages, and it can affect servers running Apache, Microsoft Internet Information Services (IIS), or other server software, he said.

For more on this story, read New DoS attack uses Web servers as zombies on CNET News.