Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Malware Compromises Web-hosts’ DNS Servers in Netherlands

The monitoring service of Fox-IT, on August 5, 2013, spotted one redirect at first taking onto conrad.nl the Internet store for electronics goods, which's greatly visited, however, after sometime taking onto several other online sites. From the manner in which Conrad.nl was compromised, it became apparent that numerous sites were redirecting, with the Domain Name System (DNS) server's hijacked conditions affecting three web-hosts -Webstekker, VDX and Digitalus, published blog-fox-it.com, August 5, 2013.

Each of the websites utilizing the above web hosts' DNS servers were likely to have been impacted. Digitalus' observation was that somebody altered the Domain Name Registration (DNR) made available from Foundation for Internet Domain Registration in the Netherlands (SIDN), taking help of outside name servers.

Consequently, when a DNS request was set intended for them, it finally reached the malevolent Domain Name System servers. And as the DNS areas possessed some 24-hrs 'Time-to-Live' (TTL), the majority of ISPs would carry the indicated wrong data for no less than the time-span the DNS zones remained active. However, on contacting the ISPs, the problem was rectified while the external name servers currently have the properly compiled data while responding.

Experts at Fox-IT explained that whenever an online site was attempted to visit, it showed one empty web-page displaying "Under construction," while it had one iFrame that actually harbored the BlackHole attack toolkit. After Conrad.nl was presumed to be the only hijacked site, soon more website requests to the DNS web-servers returned replies with only one IP address, 178.33.22.5 for all the sites, the experts said. Softpedia.com published this, August 6, 2013.

By exploiting PDF/Java security flaws, the BlackHole thrust malware that subsequently pulled down one Tor-powered malware. Fox-IT says just 4 anti-virus engines from Virus Total's 45 could detect the first malware.

Though unclear, the ISPs think SIDN is the origin of the hack.

Still disturbingly, according to the web-hosts, it was the clients' websites that couldn't be reached. They disregarded the problem which was really 'absence of un-patched software with visitors who thus became infected.' In any case, the flaw, whatever it might be, exploited for altering the DNS must get rectified, Fox-IT advises.

» SPAMfighter News - 8/14/2013

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Press Releases - IT Security News

Go back to previous page
Next
-->

Products

SPAMfighter
SLOW-PCfighter
FULL-DISKfighter
DRIVERfighter
VIRUSfighter
SPYWAREfighter
Anti spam / Anti virus business solutions

About

Company
Contact us
Press room
Support
Blog
Sign up for newsletters

Partnerships

Become a partner
Become a reseller
Find a reseller
Become an affiliate
White Label Software

Social media

Facebook
Twitter
Youtube
LinkedIn
© SPAMfighter 2003-2024    All rights reserved.    Privacy Statement    Sitemap