Apache Attack: Darkleech Virus Drives Fear through Mystery [VIDEO]
According to a recent report from Cisco, a piece of malware known as Darkleech has infected tens of thousands of web servers running Apache v2.2.2 and above. SiliconAngle contributing editor John Casaretto provided more details on this latest cyberthreat on this morning’s NewsDesk segment (full video below).
Casaretto starts by saying that Darkleech is all but a mystery: security experts know what it does, but that’s about it.
Darkleech exploits a zero-day vulnerability in Apache to infect websites with an SSHD backdoor that allows hackers to upload malicious code to the hosting server. That payload contains a randomized, unpredictable algorithm that opens connections to third-party sites infected with malware, and a component that blocks IP addresses associated with major cybersecurity firms.
Casaretto explains that Darkleech is a major cause of concern for several reasons: it targets Apache, which powers 65 percent of all websites on the internet, and it has apparently been around since August last year. Even more concerning is the fact that experts have not yet identified the loophole that the virus exploits, which means that a fix is nowhere in sight.
Adding insult to injury, Darkleech is incredibly hard to detect. Admins that do manage to spot it in their code have only one option at the moment: retrieve what they can from the infected server and wipe it clean. Casaretto advises end-users to use malware detection and removal tools from leading vendors to make sure that they are protected.
It’s not clear whether Darkleech is the work of a hacktivist group, a state-sponsored body or some other entity. Casaretto says that the only thing we know for certain is that the perpetrators, whoever they may be, know what they are doing.