Thousands of sites foist Blackhole exploit after DNS compromise

By

Leverages Java, pdf.

Thousands of websites have redirected users to sites foisting the Blackhole exploit kit after attackers compromised DNS servers  across three Dutch web hosts.

Thousands of sites foist Blackhole exploit after DNS compromise

Attackers Monday modified the domain registration systems from the Netherlands based Foundation with external name servers, Foxit researcher Yonathan Klijnsma (@ydklijnsma) said.

All websites using domain name servers from Digitalus, VDX and Webstekker were compromised in the Blackhole attack.

"Every web site that was being requested responded with a blank 'under construction' page with an iframe ... running the Blackhole exploit kit," Klijnsma said.

The attack leveraged Adobe Reader and Java vectors in different instances and communicates with command and control servers over the Tor network.

The websites have been restored along with DNS caches which continue to serve the malicious content 24 hours after the attack was first rectified. Digitalus, VDX and Webstekker apologised in statements about the incidents.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?