Weekend Hack Infects Hosting Servers

The Internet Storm Center (ISC) tracked a large-scale hack over the weekend that infected site-hosting servers, which in turn transformed all the hosted sites into distributors of malicious code.

"We have received reports and evidence that a number of companies that provide shared hosting Web servers have had their servers exploited and all of the customer homepages modified so that visitors are attacked," said the Storm Center's Daniel Wesemann Sunday in an online posting.

It seems that the attack used both direct and indirect means to infect users, said the ISC. In some cases, a script was appended to all home pages of the sites hosted on the compromised servers; the script redirected visitors of those pages to a malicious site (offline as of mid-morning Monday) that actually distributed the malicious code.
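For a shared-hosting operator, the telltale sign of the tampering described above is the same script turning up at the end of many unrelated customers' home pages. The following is an added example, not code from the ISC or from this article; it assumes the script sits after the closing `</html>` tag (the article says only "appended"), and the function names, host names and sample pages are constructed for illustration.

```python
import re
from collections import defaultdict

CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
SCRIPT = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)


def trailing_scripts(html):
    """Return whitespace-normalised script elements found after the last </html>."""
    closes = list(CLOSE_HTML.finditer(html))
    if not closes:
        return []
    tail = html[closes[-1].end():]
    return [" ".join(m.group(0).split()) for m in SCRIPT.finditer(tail)]


def shared_appended_scripts(pages, min_sites=3):
    """Map each appended script seen on >= min_sites customer sites to those sites.

    pages: {site name: home page HTML}. One customer with a trailing script
    may be sloppy markup; the same script across many customers is not.
    """
    seen = defaultdict(set)
    for site, html in pages.items():
        for script in trailing_scripts(html):
            seen[script].add(site)
    return {s: sorted(sites) for s, sites in seen.items() if len(sites) >= min_sites}


# Constructed sample data: three tampered home pages, one clean page, and one
# page with its own unrelated trailing script.
INJECTED = '<script src="http://redirector.example/x.js"></script>'
SAMPLE_PAGES = {
    "alice.example": "<html><body>Alice</body></html>\n" + INJECTED + "\n",
    "bob.example": "<HTML><body>Bob</body></HTML>" + INJECTED,
    "carol.example": "<html><body>Carol</body></html>\n\n"
                     '<script  src="http://redirector.example/x.js"></script>',
    "dave.example": "<html><body>Dave<script src='/menu.js'></script></body></html>",
    "erin.example": "<html><body>Erin</body></html><script>var counter = 1;</script>",
}

if __name__ == "__main__":
    for script, sites in shared_appended_scripts(SAMPLE_PAGES).items():
        print(f"{len(sites)} sites share appended script: {script}")
        for site in sites:
            print("   ", site)
```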

But the ISC also found some evidence that a DNS cache poisoning attack was part of the program. "We are not quite sure yet how this is being done, as the files that we've received so far do not seem to contain DNS/DHCP poisoning code."

The hackers, whoever they are (or he is), also used Dynamic DNS to try to stay one step ahead of ISPs and organizations such as the ISC. Three different domains were all resolving to one IP address -- 217.16.26.148 -- according to the ISC.
