Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on November 26, 2012

Go Daddy blames phishing (not security hole) for some sites pushing malware, resets passwords


Go Daddy blames phishing (not security hole) for some sites pushing malware, resets passwords

On Friday, we wrote about how cybercriminals altered the DNS records of Go Daddy sites to serve up malware that demands ransom from victims. The company said it wouldn’t be able to get back to us till Monday, and now it has, mainly to say it is not at fault.

Here’s the full statement, courtesy of Scott Gerlach, Go Daddy’s Director of Information Security Operations:

Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we’re expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.

We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.

Gerlach also encouraged US- and Canada-based customers to enable 2-Step Authentication to help protect their accounts (international users can’t do this, which helped this attack propagate) and to contact Go Daddy Customer Care for additional support.

For reference, here is what we wrote about the attack last week:

The attackers in this case are accessing and modifying the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries referencing malicious IP addresses, ensuring they resolve to rogue servers with the Cool Exploit Kit. As a result, the attacks appear to use legitimate-looking URLs, helping evade security checks as well as tricking users into thinking the content must be safe.

Instead, the users are hit with various malicious files, since the exploit kit takes advantage of several different vulnerabilities and can serve up different types of malware.

Users should avoid clicking on links sent to them via email or other means, even if the links appear to be legitimate at first glance. Go Daddy users meanwhile need to use more secure passwords, and try to avoid being tricked by phishing scams.

In other words, on both sides of the equation, everyone needs to be more careful. Go Daddy meanwhile needs to enable 2-Step Authentication for all its customers.

Image credit: linusb4

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top