GoDaddy sites serving up malware

Security

by Steve Evans | 26 November 2012

Hosting giant is in the process of recovering affected websites


Websites hosted by GoDaddy have been distributing ransomware after a successful phishing attack resulted in a DNS hack, the company has admitted.

The company said only a "very small number" of accounts were affected and it was working to clean up the sites. Compromised accounts are also in the process of having their passwords reset, GoDaddy said in a statement sent to security firm Sophos, who first noticed the hack.

The DNS (Domain Name System) is what translates hostnames into IP addresses, meaning computers can talk to each other and users can access them online.

According to Sophos, during this attack cyber criminals are using phished credentials to add subdomains that point to malicious IP addresses. As the end-user sees no difference, this method enables attackers to use legitimate-looking URLs. This method can often bypass security software, Sophos said, and the end-user is likely to assume the content is safe.

"Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names," the hosting company said in a statement. "We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware."

The company added that account holders should be using two-factor authentication where available.
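For a domain owner, the rogue entries described above show up as records that were never in the zone before. The following is an added example, not code from GoDaddy or Sophos: it diffs a current zone export against a known-good baseline and flags new A/AAAA records, noting those outside the owner's address ranges. The zone contents, `example.com` names, documentation-range IPs and the trusted network are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: example.com names and documentation-range IPs.
BASELINE_ZONE = """\
example.com.        3600 IN A 192.0.2.10
www.example.com.    3600 IN A 192.0.2.10
mail.example.com.   3600 IN A 192.0.2.25
"""
CURRENT_ZONE = """\
example.com.        3600 IN A 192.0.2.10
www.example.com.    3600 IN A 192.0.2.10
mail.example.com.   3600 IN A 192.0.2.25
promo.example.com.  300  IN A 203.0.113.77
www.example.com.    3600 IN A 198.51.100.5
; exported for audit (constructed)
"""
# Assumption: the address range the owner's legitimate hosts live in.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_a_records(zone_text):
    """Return {(name, ip)} for A/AAAA lines laid out as: name ttl IN type rdata."""
    records = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if len(fields) == 5 and fields[2].upper() == "IN" \
                and fields[3].upper() in ("A", "AAAA"):
            name = fields[0].lower().rstrip(".")
            records.add((name, ipaddress.ip_address(fields[4])))
    return records


def audit(baseline_text, current_text, trusted_nets):
    """List (name, ip, reasons) for every record absent from the baseline."""
    baseline = parse_a_records(baseline_text)
    known_names = {name for name, _ in baseline}
    added = parse_a_records(current_text) - baseline
    findings = []
    for name, ip in sorted(added, key=lambda r: (r[0], str(r[1]))):
        reasons = ["new hostname" if name not in known_names
                   else "new address for existing hostname"]
        if not any(ip in net for net in trusted_nets):
            reasons.append("outside trusted networks")
        findings.append((name, str(ip), reasons))
    return findings


if __name__ == "__main__":
    for finding in audit(BASELINE_ZONE, CURRENT_ZONE, TRUSTED_NETS):
        print(finding)
```

Run on a schedule against the provider's zone export, any finding is a prompt to check the account's change history and reset its credentials.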

It is the second issue to hit GoDaddy in the last few months. In September thousands of websites were knocked offline for around seven hours. A hacker claiming links with Anonymous said he was behind the attack, but that was denied by the company. GoDaddy said the outage was caused by "a series of internal network events that corrupted router data tables."
