Skip to main content
Customer Support Customer Support

ISC.org website hacked: Scan your PC for malware if you stopped by

  • December 26, 2014
  • 1 reply
  • 964 views
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

Cryptographically signed BIND, DHCP code safe, we'e told

26 Dec 2014 at 22:26, Chris Williams
 
The website for the Internet Systems Consortium, which develops the BIND DNS and ISC DHCP tools and runs a DNS root server, has been hacked.
Anyone who has recently browsed ISC.org is urged to check their PC for malware as miscreants booby-trapped the site to infect visitors. The site has been replaced by a placeholder page warning netizens of the attack.
 The Register has learned that ISC.org was running a vulnerable version of the WordPress CMS, which was exploited to compromise the web server.
We're told the source code to ISC's crucial software is stored on a separate server, and cryptographically signed to prove it hasn't been tampered with. Its BIND DNS server and DHCP tools are widely used on the internet, and included in most Linux and Unix-flavored operating systems.
 
Full Article
Ssherjj
1 person likes this
  • Ssherjj
    Ssherjj

1 reply

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
by Brian Donohue    December 29, 2014
 
EXCERPT.

Cyphort explained last week that attackers managed to compromise  ISC.org through a WordPress bug that allowed them to modify the ISC homepage with code that redirected visitors to a landing page hosting the Angler exploit kit. The kit, they say, is known to deploy a variety of exploits. In this case, Cyphort says the kit relied on Internet Explorer, Flash and Silverlight exploits.

In order to evade detection, the attackers have been cycling through the redirect domains hosting Angler.

The initial IE exploit is obfuscated. Upon deobfuscation, Cyphort determined that the kit attempts to detect the presence security products and virtual machine use. After that, it starts to enumerates plugins present and attempts to find a vulnerable version of IE. If there is a vulnerable version of Microsoft’s browser, Angler exploits it.
 
Full Article
Ssherjj
1 person likes this
  • Ssherjj
    Ssherjj

Reply


Terms & Conditions