Website for DNS Organization ISC Down After Malware Discovery

The website of the Internet Systems Consortium is down for maintenance after administrators find signs of a possible malware infection.

David Hamilton

December 30, 2014


This article originally appeared at The WHIR

The website of the Internet Systems Consortium, the non-profit organization behind the BIND Domain Name System software, is down for maintenance after administrators found signs of a possible malware infection.

Since ISC also operates the F-root name server, one of the 13 Internet root name servers underpinning the global Internet, some worry that this infection could have an enormous impact, despite the organization saying otherwise.

According to the message displayed on ISC.org, the WordPress CMS is likely the point of infection, and the other network resources including the FTP site from which BIND can be downloaded, and the ISC Knowledge Base for documentation.

ISC notes that the malware incident has resulted in no infections of client machines, but is advising those who have recently accessed this site to scan their systems for malware. ZDNet’s Steven J. Vaughan-Nichols further recommends site admins monitor their DNS logs for suspicious activity.

According to Cyphort Labs, which detected the infection on Dec. 22, the main page had been modified so that visitors were redirected to a landing page for the Angler Exploit Kit, which serves various exploits that download a malicious binary and execute it in memory, with nothing written to disk, on Windows systems.

Some propose that if ISC’s front-end WordPress server is compromised, other aspects of the organization could be too, including the BIND code. A server that’s updated with compromised DNS BIND code would, for instance, provide a security hole for malicious hackers.

As for the F-root servers, the ISC’s Dan Mahoney told The Register that “service and security is absolutely unaffected” by the website compromise – being entirely separate from the front-end servers.

Meanwhile, ISC is rebuilding its front-end website with a clean database and CMS, which will undoubtedly be more reassuring for site visitors aiming to download DNS software than a malware warning.

This article originally appeared at: http://www.thewhir.com/web-hosting-news/website-dns-organization-isc-malware-discovery
