Thousands of sites foist Blackhole exploit after DNS compromise

By

Leverages Java, pdf.

Thousands of websites have redirected users to sites foisting the Blackhole exploit kit after attackers compromised DNS servers  across three Dutch web hosts.

Thousands of sites foist Blackhole exploit after DNS compromise

Attackers Monday modified the domain registration systems from the Netherlands based Foundation with external name servers, Foxit researcher Yonathan Klijnsma (@ydklijnsma) said.

All websites using domain name servers from Digitalus, VDX and Webstekker were compromised in the Blackhole attack.

"Every web site that was being requested responded with a blank 'under construction' page with an iframe ... running the Blackhole exploit kit," Klijnsma said.

The attack leveraged Adobe Reader and Java vectors in different instances and communicates with command and control servers over the Tor network.

The websites have been restored along with DNS caches which continue to serve the malicious content 24 hours after the attack was first rectified. Digitalus, VDX and Webstekker apologised in statements about the incidents.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
blackholednsmalwaresecuritywebsites

Sponsored Whitepapers

Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?