Blackhole Infects Whistle-blowing Website Cryptome.org
Cryptome.org, a site that specializes in publishing censored and confidential documents, was found serving the Blackhole Exploit Kit between 10 and 13 February 2012, NakedSecurity reported on February 14, 2012.
According to Cryptome, the malware infected 2,863 visitors after every HTML file on cryptome.org was modified on February 8, 2012. The injected code specifically targeted Windows users running IE 6, 7 or 8 and redirected them to another site that hosted the Blackhole exploit.
Starting on February 8, the attackers managed to hide malicious code in all 6,000 pages of Cryptome.org, and its administrators struggled to regain control, not succeeding until February 13, the whistle-blowing site admitted. The code was a Blackhole variant, its 12th version. The toolkit is a notorious and extremely common automated web-hijacking tool built to deliver malware to specific browser versions that carry already known application vulnerabilities.
Anybody who visited cryptome.org with a vulnerable web browser could have been infected with Blackhole, possibly ending up with their PC joining a large botnet. The web server apparently supports WebDAV and Microsoft FrontPage extensions, which let users of Microsoft FrontPage publish sites without the daunting complications of SSH/SCP or FTP.
Cryptome stated that 5,000 more files were found infected, and as the organization kept checking, it appeared that every HTML file on cryptome.org had been infected. It was also unclear how the attackers gained access via the organization's ISP, since the access logs showed no sign of the infection. Anyone who could guess the method and suggest ways to prevent a recurrence was asked to write to cryptome[at]earthlink.net, the organization posted. TechWorld published this on February 13, 2012.
Incidentally, Security Labs of the security company M86 Security says that Blackhole is a widely used attack kit: its researchers, who identified and examined malicious URLs during July-December 2011, found that Blackhole accounted for approximately 95% of all malicious web links.
Significantly, in this attack the cyber-criminals took the trouble to keep the malware hidden for longer by ignoring visitors who reached the site through Google domains, perhaps to minimize the chance of Google banning Cryptome from its search engine via the Safe Browsing defense mechanism within Chrome.
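As an added example (hypothetical code, not Cryptome's or SPAMfighter's), the following Python script shows the kind of integrity check that would have surfaced a site-wide modification like the one described above: it baselines a SHA-256 digest of every HTML file under a web root and, on a later run, reports which files changed and which of them now load a script or iframe from a host other than the site's own. The sample pages and the host name injected.example are constructed placeholders.

```python
# Hypothetical integrity audit for a static web root (added example, not Cryptome's code).
import hashlib
import re
import tempfile
from pathlib import Path

# script/iframe whose src loads from another host: src="//host/..." or "http(s)://host/..."
EXTERNAL_REF = re.compile(
    r'<(?:script|iframe)[^>]+src=["\']?(?:https?:)?//([^/"\'\s>]+)', re.I)

def baseline(root):
    """Map each HTML file (path relative to root, POSIX form) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*"))
            if p.suffix.lower() in (".htm", ".html")}

def external_hosts(html, own_host):
    """Hosts named in script/iframe src attributes that are not own_host."""
    return sorted({m.group(1).lower() for m in EXTERNAL_REF.finditer(html)
                   if m.group(1).lower() != own_host})

def audit(root, old, own_host):
    """Diff the tree against a baseline: {path: {"status", "external_hosts"}}."""
    new, findings = baseline(root), {}
    for rel, digest in new.items():
        if old.get(rel) == digest:
            continue  # unchanged since the baseline
        html = (Path(root) / rel).read_text(errors="replace")
        findings[rel] = {"status": "modified" if rel in old else "new",
                         "external_hosts": external_hosts(html, own_host)}
    for rel in old.keys() - new.keys():
        findings[rel] = {"status": "deleted", "external_hosts": []}
    return findings

def demo():
    """Constructed sample: baseline a two-page site, then change every page to
    load a script from a placeholder outside host, and audit the result."""
    root = Path(tempfile.mkdtemp())
    pages = {"index.html": "<html><body>home</body></html>",
             "docs/a.html": "<html><body><script src='/js/a.js'></script></body></html>"}
    for rel, body in pages.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    old = baseline(root)
    tag = "<script src='http://injected.example/k.js'></script></body>"
    for rel in pages:  # every HTML file changes, as in the incident
        (root / rel).write_text((root / rel).read_text().replace("</body>", tag))
    return audit(root, old, "cryptome.org")
```

Running the baseline from a known-good copy and comparing on a schedule gives a signal that is independent of the web server's access logs, which in this incident showed nothing.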
Related article: Blackhole Exploit Injected into USPS Website
» SPAMfighter News - 21-02-2012