A malware infection has led administrators at the National Institute of Standards and Technology to take the U.S. National Vulnerability Database (NVD) offline.
The NVD site currently bears the following message: “Site/Page Not Available. The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available.”
When contacted by SecurityWeek, Gail Porter of NIST’s Public Inquiries office said in a statement that the NVD site and several other NIST-hosted Websites are unavailable due to the discovery of malware on two NIST Web servers.
“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet,” Porter said. “NIST began investigating the cause of the unusual activity and the servers were taken offline.”
Porter added that the malware discovered on the Web servers was traced to a software vulnerability, but did not note in the statement what the vulnerability was or what software was affected.
“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites,” Porter said. “NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.”
The organization is continuing to respond to the incident and will restore the servers as quickly as possible, Porter added.