This article originally appeared at The WHIR
The website of the Internet Systems Consortium, the non-profit organization behind the BIND Domain Name System software, is down for maintenance after administrators found signs of a possible malware infection.
Since ISC also operates the F-root name server, one of the 13 Internet root name servers underpinning the global Internet, some worry that this infection could have an enormous impact, despite the organization saying otherwise.
According to the message displayed on ISC.org, the WordPress CMS is likely the point of infection, and the other network resources including the FTP site from which BIND can be downloaded, and the ISC Knowledge Base for documentation.
ISC notes that the malware incident has resulted in no infections of client machines, but is advising those who have recently accessed this site to scan their systems for malware. ZDNet’s Steven J. Vaughan-Nichols further recommends site admins monitor their DNS logs for suspicious activity.
According to Cyphort Labs, which detected the infection on Dec. 22, the main page had been modified so that visitors are redirected to a landing page for the Angler Exploit Kit, which serves various exploits that download a malicious binary and execute it in memory on Windows systems, so that nothing is written to disk.
Some propose that if ISC’s front-end WordPress server is compromised, other aspects of the organization could be too, including the BIND code. A server that’s updated with compromised DNS BIND code would, for instance, provide a security hole for malicious hackers.
As for the F-root servers, the ISC’s Dan Mahoney told The Register that “service and security is absolutely unaffected” by the website compromise – being entirely separate from the front-end servers.
Meanwhile, ISC is rebuilding its front-end website with a clean database and CMS, which will undoubtedly be more reassuring for site visitors aiming to download DNS software than a malware warning.
This article originally appeared at: http://www.thewhir.com/web-hosting-news/website-dns-organization-isc-malware-discovery