Thousands of sites foist Blackhole exploit after DNS compromise

By

Leverages Java, pdf.

Thousands of websites have redirected users to sites foisting the Blackhole exploit kit after attackers compromised DNS servers  across three Dutch web hosts.

Thousands of sites foist Blackhole exploit after DNS compromise

Attackers Monday modified the domain registration systems from the Netherlands based Foundation with external name servers, Foxit researcher Yonathan Klijnsma (@ydklijnsma) said.

All websites using domain name servers from Digitalus, VDX and Webstekker were compromised in the Blackhole attack.

"Every web site that was being requested responded with a blank 'under construction' page with an iframe ... running the Blackhole exploit kit," Klijnsma said.

The attack leveraged Adobe Reader and Java vectors in different instances and communicates with command and control servers over the Tor network.

The websites have been restored along with DNS caches which continue to serve the malicious content 24 hours after the attack was first rectified. Digitalus, VDX and Webstekker apologised in statements about the incidents.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Log In

  |  Forgot your password?