Why bad news for all Internet; Last week, system and network administrators learned about the NTP vulnerability. The fact would not worry many, but the next news will probably result in many canceling their vacations and returning to the server room. The Internet Systems Consortium (ISC) is out modes for maintenance because as the company says “we believe we may have been infected with malware.”
Το ISC, που είναι η base του προγράμματος BIND DNS, έχει μολυνθεί με κακόβουλο λογισμικό. Οι διαχειριστές συστημάτων καταλαβαίνουν γιατί τα νέα είναι άσχημα και μάλλον είναι ήδη συνδεδεμένοι με ssh στο σύστημα τους. Για τους υπόλοιπους, θα προσπαθήσουμε να εξηγήσουμε
ISC is the team behind the Berkeley Internet Name Domain (BIND), an open source program. BIND is undoubtedly the most popular DNS software on the planet. It is certainly the most widespread DNS program for Unix and Linux systems, which make up most of the core Internet infrastructure.
DNS is the guide list of Internet addresses. Translates every human readable Internet address in the world, such as the url https://iguru.gr, into IPv4 and IPv6 numeric addresses. These numeric addresses are then used by routers to transfer data to and from the computer, smartphone, tablet, web pages, e-mail, etc.
In other words, it is very important. Without DNS, there is no functioning Internet.
So if the BIND code is corrupted, and your DNS BIND server has been updated with the malicious code, the webσελίδα your will have a security hole and will most likely be used for Distributed Denial of Service (DDoS).
Add another point, all over ISC is doing it F DNS root server. One of the 13 root-based Internet-based servers for global DNS services.
But things may not be as bad as they sound.
Cyphort security company, he told the ISC that their site had malware from December 22 on the main site of ISC, which used an unpublished version of WordPress. According to Cyphort the page was modified to drive visitors to areas infected with it Angler Exploit Kit. Fortunately, for the Internet, but not for Windows users, the Angler Exploit Kit is a special malicious software package for Windows.
At present, they do not exist reports about changes to BIND or to BIND-user mailing lists. Στη στατική σελίδα που σας υποδέχεται σήμερα στην ιστοσελίδα της ISC, η ISC συνιστά ότι όποιος έχει επισκεφτεί την περιοχή πρόσφατα θα πρέπει να “σαρώσει για κακόβουλο λογισμικό κάθε machine που είχε πρόσβαση σε αυτήν την ιστοσελίδα.”
Έτσι, φαίνεται πλέον ότι το problem της ISC είναι περιορισμένο σε Windows PC malware και δεν έχει πραγματοποιηθεί επίθεση στο BIND ή στην ιστοσελίδα DNS της ISC. Θέλετε να το ρισκάρετε; Εμείς δεν θα το κάναμε.
Start a proactive scan on your malware websites now and look at your DNS logs for suspicious activity.