A newly identified ongoing attack campaign in which attackers are using compromised Apache HTTP binaries to redirect users to malicious sites. The attack crew is replacing the existing Apache binary with a highly sophisticated backdoor. The backdoor doesn t write any files to disk and instead uses shared memory as a means of maintaining its presence on the machine. The lack of information left on infected machines makes life difficult for researchers trying to analyze the attack, but what experts have come up with so far shows that there could be as many as several hundred infected servers.
Source: https://threatpost.com/attack-using-backdoored-apache-binaries-to-lead-to-blackhole-kit/99973/