Go Daddy mass hack points surfers towards malware Hundreds of Go Daddy sites were compromised to point towards a site hosting malware last weekend. The mass hack of around 445 sites involved the injection of hostile code into the .htaccess files of the sites. Go Daddy quickly removed the hostile code before working with its customers to take back full control of the sites, …
This is nothing new. Malware specifically designed to target FTP clients and either retrieve stored passwords or monitor connections when the password is manually provided is nothing new, see Gumblar for one example dating back to 2009.
These account access details are then used for a whole variety of reasons, sometimes the details are used to upload PHP/Perl junk mailers to accounts, sometimes they add iframe links into all content into an account, or sometimes they upload content to folders' .htaccess files.
These attacks are generally carried out in batches as a matter of course, where large numbers of different accounts will be compromised in a short period of time, the only thing that may seem unusual about this particular round is the number of accounts being hosted by a single host.
As mentioned in the article, it wasn't an attack on GoDaddy's systems or security procedure, it's sloppy users not updating crummy insecure Adobe software and having their own passwords compromised as a result.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
