A mass attack ongoing for the past month against Linux Apache Web servers has become increasingly successful because its break-in method makes use of an automated password and installation process, according to a security researcher monitoring its progress.

The attack, originally thought to have impacted several hundred websites, actually has infected about 10,000 websites, including some in the United States but mostly in the United Kingdom and India, according to SecureWorks.

If a punter visits the hacked site they get walloped with nine exploits including a recent QuickTime vulnerability, the long-running Windows MDAC bug, and a fixed flaw in Yahoo Messenger. Once a hole is opened, the victim receives a nice shiny new variant of the Trojan Rbot and are added to a botnet.

The ingenuity is that the attacker has managed to install code that modifies Apache memory to monitor requests and inject the script tag, script contents or the Rbot executable, according to SecureWorks. Some Linux Apache network managers are finding it hard to clean their servers of the attack code.