Updated: GoDaddy has DNS compromised causing some site visitors to get infected

GoDaddy DNS has been compromised, some users being forwarded to rogue subdomains.

Published Fri, Nov 23 2012 7:03 PM CST   |   Updated Tue, Nov 3 2020 12:26 PM CST

GoDaddy is having more trouble with their DNS. After a major outage took down a large portion of the internet, they are again facing issues. This time, DNS records of websites hosted on GoDaddy are being modified. The modification adds subdomains that point to infected websites under the control of malicious users.

Updated: GoDaddy has DNS compromised causing some site visitors to get infected | TweakTown.com

Once a computer is redirected to the malicious IP, the server attempts to exploit the system using the Cool Exploit kit. Because of the record being modified at the DNS level, the URL and site look to be legitimate. If a user becomes infected, the computer is locked down via ransomware and the user is made to pay to unlock it.

It's the typical ransomware setup--it uses local currency and information to make it look as if local law enforcement are the ones who locked it down. Affected webmasters should check their DNS records to make sure that they don't have these rogue subdomains and users who have been affected should contact a virus removal expert.

Update:GoDaddy has provided me with the official statement regarding the breach:

Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.

We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.

Go Daddy highly recommends that US- and Canada-based customers enable 2-Step Authentication to help protect their accounts. Details on how to set up this feature are located at https://support.godaddy.com/help/article/7502/enabling-twostep-authentication.

If a customer suspects their account may have an issue, we encourage them to contact Go Daddy Customer Care or fill out the form at the following link: https://support.godaddy.com/support/?section=support.

NEWS SOURCE:electronista.com

Trace is a starving college student studying Computer Science. He has a love of the English language and an addiction for new technology and speculation. When he's not writing, studying, or going to class, he can be found on the soccer pitch, both playing and coaching, or on the mountain snowboarding.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles