DNS takeover redirects thousands of websites to malware

Discussion in 'malware problems & news' started by FanJ, Aug 6, 2013.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    From the Fox-IT blog:

    http://blog.fox-it.com/2013/08/05/dns-takeover-redirects-thousands-of-websites-to-malware/

    Read more at above link.

    Note by me:
    I don't know at the moment whether it was only websites in The Netherlands.
     
    Last edited by a moderator: Aug 8, 2013
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,438
    I have Blue Coat K9 to block all spyware/malware sites from even loading. It's good protection from malware DNS redirects. :thumb:
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Some extra info (autotranslated) by tweakers:

     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thanks Gerard for that link ;)

    =====

    I noticed that Fox-IT has changed their Cleanup instructions:
    http://blog.fox-it.com/2013/08/05/dns-takeover-redirects-thousands-of-websites-to-malware/
    Note by me:
    I post that as it is posted there. Other antimalware programs may or may not be able to do the trick too.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    https://isc.sans.edu/diary/DNS servers hijacked in the Netherlands/16324
     
  6. makethink

    makethink Registered Member

    Joined:
    Aug 9, 2013
    Posts:
    2
    Yeah, there are malicious toolbars and DNS malware attacking lots of computers and browsers.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Personally I think it's strange that these things can happen to such companies.

    What kind of crappy security software are they using? That's what I would like to know. o_O
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Google Translate of Dutch Foodlog.nl --http://www.foodlog.nl/short-news/detail/hoe-zat-het-met-hack-van-digitalus/--
    'The study of Digital Investigation shows that through an e-mail with an almost identical-to-pdf-like malicious attachment, passwords and login data were stolen'.
    "Opening this email attachment could have happened to me. The email arrived at a department that receives numerous types of such emails daily. The file was not immediately apparent as a non-regular pdf.
    A versed IT employee might have recognized this though, according to Sebastiaan de Koning, CEO of IT-Ernity.
    " (my translation)
    As is written in the press statement, the attachment was opened on a workstation in the 'office' section, not in the 'production' section.

    Edit: Could be something as 'innocent' as not unchecking 'hide file extensions', or something more nefarious like a MiniDuke link on an unpatched office workstation.
     
    Last edited: Aug 19, 2013
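    As an added illustration of the 'hide file extensions' point in the post above (example code added here, not from the post, Fox-IT or Digital Investigation): a small Python check that a mail gateway or helpdesk could run over attachment names to flag files that would display as a PDF on a workstation with extensions hidden. The extension lists and sample names are constructed for the example.

```python
# Extensions Windows will run directly; a production screen would use a fuller list.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}
# Unicode right-to-left override: "factuur" + RLO + "fdp.scr" renders as "factuurrcs.pdf"
RLO = "\u202e"


def displayed_name(filename: str) -> str:
    """Name as Explorer shows it with 'Hide extensions for known file types' on:
    the final extension is dropped, everything before it is shown."""
    stem, sep, _ext = filename.rpartition(".")
    return stem if sep else filename


def classify_attachment(filename: str) -> str:
    """Return 'ok', 'double-extension', 'rlo-spoof' or 'executable'."""
    if RLO in filename:
        return "rlo-spoof"
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return "ok"
    final = parts[-1]
    if final in EXECUTABLE_EXTS:
        # e.g. factuur.pdf.exe is shown as factuur.pdf when extensions are hidden
        if any(p in DOCUMENT_EXTS for p in parts[1:-1]):
            return "double-extension"
        return "executable"
    return "ok"


def screen(names):
    """Map each attachment name to its verdict."""
    return {n: classify_attachment(n) for n in names}


if __name__ == "__main__":
    # Constructed sample attachment names, not samples from the incident.
    samples = ["factuur.pdf", "factuur.pdf.exe", "factuur" + RLO + "fdp.scr", "setup.exe"]
    for name, verdict in screen(samples).items():
        print(f"shown as {displayed_name(name)!r:20} real name {name!r:30} -> {verdict}")
```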
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ Baserk

    I suppose they were using some crappy security suite without HIPS.
     