
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Cryptome.org hacked, serving client-side exploits

By | February 14, 2012, 3:50pm PST

Summary: The popular whistle-blowing web site Cryptome.org was recently hacked, and a malicious script was embedded in it, pointing to a BlackHole web malware exploitation kit.


The BlackHole web malware exploitation kit was serving client-side exploits from hxxp://65.75.137.243/Home/index.php; the IP is currently offline.

Apparently, the attack was configured to exploit only users running Microsoft’s Internet Explorer, even though the cybercriminals could have used BlackHole’s multi-browser exploitation capability to target multiple browsers.

According to Cryptome.org’s most recent note:

14 February 2012. 16:30GMT: Cryptome 100% restored with clean files. The Blackhole malware was removed on 12 February 2012. Apparently, according to the malware, only users of MS IE were targeted, bad enough.

Users are advised to ensure that they’re not running vulnerable third-party applications and browser plugins.
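For site operators, a defender-side check for the kind of compromise described above, as an added example that is not from the original article: it parses a page and flags script, iframe and similar elements whose source is an IP-literal host or a host outside an allowlist. The allowlist, the function names and the sample HTML (which uses the 192.0.2.10 documentation address) are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this site legitimately loads active content from.
ALLOWED_HOSTS = {"example.org", "www.example.org"}

class RemoteRefFinder(HTMLParser):
    """Collect (tag, url, line) for elements that make the browser fetch content."""
    TAGS = {"script", "iframe", "frame", "embed", "object"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            for name, value in attrs:
                if name in ("src", "data") and value:
                    self.refs.append((tag, value.strip(), self.getpos()[0]))

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (line, tag, url, reason) for each suspicious remote reference."""
    finder = RemoteRefFinder()
    finder.feed(html)
    findings = []
    for tag, url, line in finder.refs:
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL: report rather than skip
            findings.append((line, tag, url, "unparseable URL"))
            continue
        if host is None:            # relative URL, served from the site itself
            continue
        if is_ip_literal(host):
            findings.append((line, tag, url, "ip-literal host"))
        elif host not in allowed_hosts:
            findings.append((line, tag, url, "host not on allowlist"))
    return findings

# Constructed sample page: lines 5 and 6 carry injected references.
SAMPLE = ('<html><head>\n<script src="/js/site.js"></script>\n'
          '<script src="https://www.example.org/js/menu.js"></script>\n'
          '</head><body><p>Documents</p>\n'
          '<script src="http://192.0.2.10/landing/index.php"></script>\n'
          '<iframe src="//cdn.example.net/w.html" width="1"></iframe>\n</body></html>')
```

Running `audit_html` over every HTML file in the web root and comparing the findings against a known-clean baseline shows which files need to be restored.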


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

1
Comments


Cryptome is a website hosted in the United States since 1996 by independent scholars and architects John Young and Deborah Natsios that functions as a repository for information about freedom of speech, cryptography, spying, and surveillance.
