TweakTown

Updated: GoDaddy has DNS compromised causing some site visitors to get infected

GoDaddy DNS has been compromised, some users being forwarded to rogue subdomains

Internet & Websites News | Posted: Nov 24, 2012 1:03 am

GoDaddy is having more trouble with its DNS. After a major outage took down a large portion of the internet, the company is again facing issues. This time, DNS records of websites hosted on GoDaddy are being modified. The modification adds subdomains that point to infected websites under the control of malicious users.


Once a computer is redirected to the malicious IP, the server attempts to exploit the system using the Cool Exploit kit. Because the record is modified at the DNS level, the URL and site appear legitimate. If a user becomes infected, the computer is locked down by ransomware and the user is made to pay to unlock it.

It's the typical ransomware setup: it uses local currency and information to make it look as if local law enforcement locked the computer down. Affected webmasters should check their DNS records to make sure that they don't have these rogue subdomains, and users who have been affected should contact a virus removal expert.
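One way to run the DNS record check recommended above, as an added example that is not from the original article: compare an exported zone against a known-good baseline kept outside the DNS provider, and flag address or alias records that are new or point outside your own networks. The zone lines, names and addresses are constructed from documentation-reserved ranges, and the `name ttl IN type rdata` export layout is an assumption.

```python
import ipaddress

# Constructed sample data: documentation-reserved names and addresses only.
BASELINE = {  # known-good records, stored somewhere other than the DNS account
    ("@", "A", "192.0.2.10"),
    ("www", "A", "192.0.2.10"),
    ("mail", "A", "192.0.2.25"),
}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

ZONE_EXPORT = """\
; constructed export of example.com
@      3600 IN A     192.0.2.10
www    3600 IN A     192.0.2.10
mail   3600 IN A     192.0.2.25
@      3600 IN MX    10 mail.example.com.
promo  600  IN A     203.0.113.77
login  600  IN A     198.51.100.9
"""

def parse_zone(text):
    """Yield (name, type, rdata) from simple 'name ttl IN type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) == 5 and fields[2].upper() == "IN":
            name, _ttl, _cls, rtype, rdata = fields
            yield name.lower(), rtype.upper(), rdata.strip()

def audit(text, baseline=BASELINE, networks=OWN_NETWORKS):
    """Return (name, rdata, reasons) for records that need manual review."""
    findings = []
    for name, rtype, rdata in parse_zone(text):
        if rtype not in ("A", "AAAA", "CNAME"):
            continue
        reasons = []
        if (name, rtype, rdata) not in baseline:
            reasons.append("not in baseline")
        if rtype != "CNAME" and not any(ipaddress.ip_address(rdata) in n for n in networks):
            reasons.append("outside own networks")
        if reasons:
            findings.append((name, rdata, reasons))
    return findings

if __name__ == "__main__":
    for name, rdata, reasons in audit(ZONE_EXPORT):
        print(f"REVIEW {name} -> {rdata}: {', '.join(reasons)}")
```

A record that appears under both reasons, like the two constructed short-TTL entries here, matches the pattern the article describes: a subdomain the owner never created, resolving to a host the owner does not run.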

 

Update: GoDaddy has provided me with the official statement regarding the breach:

Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.

We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.

Go Daddy highly recommends that US- and Canada-based customers enable 2-Step Authentication to help protect their accounts. Details on how to set up this feature are located at http://support.godaddy.com/help/article/7502/enabling-twostep-authentication.

If a customer suspects their account may have an issue, we encourage them to contact Go Daddy Customer Care or fill out the form at the following link: https://support.godaddy.com/support/?section=support.

News sources: Electronista.com
