Hackers Derail ISC.org

The ISC that runs Berkeley Internet Name Domain, highly reputed Domain Name System (DNS) software said cyber-attackers hacked its website ISC.org that was therefore presently inaccessible, while cautioned visitors who went to the site lately towards reviewing their PCs for possible malicious software, published softpedia.com, December 27, 2014.

ISC's web-admins have deactivated the site since work is ongoing for getting things resolved while clearing the malicious code.

ISC.org is dependent on WordPress while seemingly the problem lies in 'content management system' or CMS associated with WordPress; therefore, it wasn't any assault particularly targeting the ISC site or its resources.

Apparently, the attackers were able to abuse the CMS partly for diverting the site's visitors onto one web-page delivering the Angler attack toolkit.

Angler abuses security flaws within Internet Explorer, Microsoft Silverlight and Adobe's Flash Player. During October 2014, just 7 days following the monthly patch revision of Adobe, security researchers observed exploitation by Angler of certain integer stack flow vulnerability within Flash whose security patch had just got issued.

In the event of successful execution of remote code, Angler pulls down more data, decodes the same within DLL files that are then executed within memory though devoid of any disk. The malicious software adapts to 64-bit and 32-bit Windows computers; its ultimate goal is not clear, however, according to researchers, not everything would be good for end-users.

Security Officer Team's Dan Mahoney with ISC states that the consortium in collaboration with investigators is trying to measure whatever damage has been caused as also what should be the next precautionary steps. It's restructuring with the aid of sanitized database as well as CMS that unfortunately doesn't time well with vacations and travel of people; consequently, the placeholder web-page remained posted longer than was planned, Mahoney explains. Theregister.co.uk reported this, December 26, 2014.

Meanwhile, ISC.org isn't the only website to fall victim to hackers during recent months. Last month during November 2014, anonymous attackers hacked into critical PCs of ICANN, the association which handles worldwide TLD (top-level domain) mechanism, while gained admission into the computer having data related to settling particular domain-names, according to ICANN.

» SPAMfighter News - 1/1/2015