ISC.org hacked and users may have been infected with Angler Exploit Kit malware through redirected websitesInternet Systems Consortium

In a blog report published on 22nd December, 2014, Cyphort Labs warned about the possible malware infection to ISC.org authorities.

Internet Systems Consortium

Internet Systems Consortium, Inc. which operates the website as ISC.org, is a Delaware-registered non-profit organisation that supports the infrastructure of the universal, self-organizing Internet by developing and maintaining core production-quality software, protocols, and operations. ISC is the developer of internet tools BIND, ISC DHCP, OpenReg, ISC AFTR etc.

ISC also operates one of the 13 global authoritative DNS root servers, F-root. ISC is also operational in projects such as NetBSD, XFree86, kernel.org, SNS for more than 50 top-level domains, and a DNS OARC (Operations, Analysis and Research Center) for monitoring and reporting of the Internet’s DNS. Considering the tools provided by ISC.org and that it stores vital data on its servers is a cause for worry though ISC has confirmed that the hack was due to a WordPress plugin issue and its network servers are uninfected. ISC has also asked all users who visited it recently to get their PC’s check for malwares, and inform ISC at [email protected] in addition to removing the malware. Experts believe that a plugin in the WordPress CMS used by ISC.org was compromised and the attackers booby trapped ISC.org with Angler Exploit Kit to infect users visiting ISC.org via redirects. Cyphort says that that visitors were lead to following redirects :

 snail0compilacion.localamatuergolf.com (5.196.41.3) symbolology-rumperis.prairievillage.info (5.196.41.3) zapalny.placerosemere-ideescadeaux.ca (95.211.226.158) chambouler.mygiftback.com (5.196.41.3)

The Angler Exploit Kit exploits the vulnerabilities in Internet Explorer, Adobe Flash Player and Microsoft Silverlight. In October, a week after Adobe released its monthly patch update, researchers saw Angler exploiting an integer overflow in Flash that had just been patched. Once infected, the malware remotely executes codes, downloads more malware files into the system and decrypts the files into DLL system files to run them in the Windows memory.  It is one of the most powerful exploit kits available now. Enigma Software gives the following description for Angler Exploit Kit malware. It gives following solutions for users infected with Angler Exploit Kit malware

Internet Systems Consortium  website ISC org hacked  users redirected to malware page - 42