
ISC Website Served Malware Following Hack Attack

The official website of the Internet Systems Consortium (ISC) was hacked just before Christmas and set up to serve malware to visitors, researchers at security firm Cyphort reported.

ISC.org has been shut down after the organization was notified about the attack and the website has been down for maintenance ever since. Cyphort said it alerted ISC on December 22 and the site was cleaned up by the next day.

ISC’s website and blog are powered by WordPress. The attackers modified the homepage of isc.org so that its visitors were redirected to a server hosting the Angler exploit kit, researchers said.

The exploit kit was set up to leverage vulnerabilities in Internet Explorer, Flash and Microsoft Silverlight to push malware onto visitors’ systems.

In this particular attack, Angler injected the malicious code directly into the victim machine’s memory. This variant of the exploit kit was first spotted this summer by the French malware researcher known as “Kafeine.”

Attacks targeting ISC can have serious consequences because the organization is responsible for the development of BIND, the most widely used Domain Name System (DNS) software. ISC also operates one of the 13 Internet root name servers. However, the organization says damage appears to be limited to its website; other resources are not affected.

“Our website runs on a separate machine, isolated from the rest of our infrastructure, and no critical information was lost or other systems compromised. The web site virus had no impact on our ftp server, our source code archives, our f-root server, our internal network, or any other ISC infrastructure or systems,” ISC representatives told SecurityWeek.

The organization says targeted attacks against its systems are not uncommon, but this incident does not appear to be one.

“Like many small businesses, we operate a small website using WordPress. Our WordPress installation was compromised and became infected. Our current theory is that we were using a compromised WordPress plug-in that installed a backdoor, but we do not know for sure how the backdoor was installed. Our theory is mostly based on the information that Sucuri.net has published about a WordPress vulnerability called ‘soaksoak’,” ISC explained.

ISC is advising users who visited the site recently to scan their computers for malware.

“We have not had any reports of any client machines that have been infected from our website. If you believe you have caught a virus from our web site, please let us know, by email to [email protected],” ISC said on its website.

Until the website is restored, BIND and ISC DHCP can be downloaded from the organization’s FTP server. ISC has also provided users with information on how to check the integrity of downloaded files.

“Our site will be back up this week. We are rebuilding the website from scratch. We did a fresh install of WordPress, with tighter security settings. An engineer is manually inspecting all our content for anything that should not be there. This is quite a time-consuming process, but we think it is the only way to ensure that there are no backdoors or malicious files,” ISC representatives said.

Earlier this month, ISC released updates to address several remotely exploitable vulnerabilities in BIND. One of the security bugs, which affected multiple DNS resolvers, was discovered by Florian Maury of the French government information security agency ANSSI, and it could have been exploited to cause the software to crash.

ISC is not the only high-profile Internet organization hacked this month. The Internet Corporation for Assigned Names and Numbers (ICANN) suffered a data breach after its employees fell victim to a spear phishing attack.

*Updated with clarifications from ISC

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
