ISC warns that users may have been infected by malware, after hackers poison website

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

The Internet Services Consortium (ISC) has warned visitors that its website – isc.org – recently suffered a malware attack that could have resulted in visiting computer users catching an unpleasant infection.

ISC website down

Presently much of the website is “down for maintenance”, and a holding page contains a brief warning to visitors:

The ISC.org web site is down for maintenance.
We believe the web site may have become infected with malware. Please scan any machine that has accessed this site recently for malware.

Sign up to our free newsletter.
Security news, advice, and tips.

This is a WordPress issue, ftp.isc.org, kb.isc.org and our other network resources are unaffected. We have not had any reports of any client machines that have been infected from our website. If you believe you have caught a virus from our web site, please let us know, by email to [email protected].

Fortunately, it doesn’t appear that software maintained by the ISC, such as key internet technologies such as BIND DNS server and DCHP tools, have been tainted by the meddling hackers.

All the same, it’s pretty embarrassing for the ISC to have its website hit by a malware attack.

You would have rather hoped that the organisation’s technology boffins would be well-versed in security, and would have been careful to keep their installation of WordPress up-to-date and ensured that any third-party plugins they were using were safe.

Nevertheless, it appears likely that criminals did succeed into hacking the website and poisoning its pages with a drive-by download designed to infect any vulnerable computers which happened to visit.

According to reports, the attackers were able to launch the Angler exploit kit on visiting computers, taking advantage of vulnerabilities in Internet Explorer, Flash and Silverlight in an attempt to download malicious code.

Seeing as the typical visitor to the ISC website is likely to be an engineer involved in nitty-gritty of behind-the-scenes internet hardware and software, there is the potential for some valuable targets to fall victim to the attack.

Security researchers at Cyphort Labs claims that they first discovered the infection on the ISC’s website, and told the organisation a few days before Christmas.

At the time of writing, the website is still not properly restored, which may be more of an indication that the ISC’s web team are still on vacation rather than an indication of the complexity of the attack.

Clearly something went badly wrong at ISC, but there is also a need for all computers that access the internet to reduce the chances of a successful infection by ensuring they are running the latest security updates and are fully patched.

Ultimately it’s up to all of us – the website administrators *and* the users of the web – to do our bit to reduce the windows of opportunity for malicious hackers. But it would certainly be nice if we could feel confident that geeky sites like the ISC were keeping their side of the bargain…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.