California-Based InMotion a Hosting Provider Hijacked

InMotion a hosting provider based in California was recently compromised leading to its few thousand websites' top pages getting defaced that were apparently manipulated for serving malware. Help Net Security published this on September 28, 2011.

Todd Robinson, President of InMotion, who on September 26, 2011 confirmed the compromise through an online post he added to the Web-forum of the hosting vendor, stated that website defacement was the sole objective of the hacker. Help Net Security published this.

Robinson stated that at the present juncture, the assault's maliciousness seemed to be restricted to substituting the main pages of the Internet sites. The defacement became possible via placing the index.php file of the attacker as a substitute for the index files stored inside the public_html directories. According to the President, the objective was not to steal passwords. However, the hacker employed an exploit for altering the password of a system so he could gain admission into the index files. The exploit had been blocked as also the password reset, Robinson assured.

Robinson further ensured for stressing that InMotion's domain management and billing were safe and in fact even obtainable via the disrupted network and servers.

Nevertheless, a few clients of InMotion added notes to the support website of the hosting provider in which they stated that at the time they linked up with their websites that were exhibiting the defaced sections, their anti-malware software produced alerts regarding a malicious program that was JavaScript-based.

Meanwhile, it is probable that the hacker wanted to deface the innumerable websites only to upload certain malicious software to the web-pages for aiding in executing drive-by download assaults on the websites' visitors. Currently, this technique is very common as well as effective for cyber-criminals, and seeing the hijacked InMotion websites' mirror images supported on Zone-H, one is likely to find another alert of a JavaScript virus.

Amazingly, the attack is the work of a hacker named Tiger-M@te, evident from the intruder's own assertion, while as per another person's message posted on the InMotion site, Tiger-M@te claimed defacing 700,000 websites at the time of the assault. Threatpost.com published this on September 28, 2011.

Related article: Celebrity Image Used For Spamming Once Again

» SPAMfighter News - 10/10/2011