November 26, 2012

GoDaddy sites serving up malware

Hosting giant is in the process of recovering affected websites

By Steve Evans


Websites hosted by GoDaddy have been distributing ransomware after a successful phishing attack resulted in a DNS hack, the company has admitted.

The company said only a "very small number" of accounts were affected and it was working to clean up the sites. Compromised accounts are also in the process of having their passwords reset, GoDaddy said in a statement sent to security firm Sophos, which first noticed the hack.

The DNS (Domain Name System) is what translates hostnames into IP addresses, so that computers can talk to each other and users can reach them online.

According to Sophos, the cyber criminals in this attack are using phished credentials to add subdomains that point to malicious IP addresses. Because the subdomains sit under a legitimate domain, the end-user sees no difference and the attackers get legitimate-looking URLs. This method can often bypass security software, Sophos said, and the end-user is likely to assume the content is safe.

"Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names," the hosting company said in a statement. "We have been identifying affected customers and reversing the malicious entries as we find them. Also, we’re expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware."

The company added that account holders should be using two-factor authentication where available.
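A defensive check that follows from the attack Sophos describes, added here as an example and not taken from the article, GoDaddy or Sophos: compare a zone export against a reviewed baseline and flag every new record, ranking those that resolve outside your own address ranges highest. The zone text, the hostnames and the RFC 5737 addresses are constructed, and the simplified `name ttl class type value` line format is an assumption.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges stand in for the
# organisation's real address space, and the zones are simplified exports.
APPROVED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

BASELINE_ZONE = """\
@      3600 IN A     192.0.2.10
www    3600 IN A     192.0.2.10
"""

CURRENT_ZONE = """\
@      3600 IN A     192.0.2.10
www    3600 IN A     192.0.2.10
shop   300  IN A     192.0.2.40
login  300  IN A     203.0.113.66
cdn    300  IN CNAME host.example.net.
"""


def parse_zone(text):
    """Return a set of (name, type, value) from 'name ttl class type value' lines."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        records.add((name.lower(), rtype.upper(), value.strip()))
    return records


def audit_zone(baseline, current, approved_networks):
    """Flag records absent from the baseline, graded by where they point."""
    findings = []
    for name, rtype, value in sorted(parse_zone(current) - parse_zone(baseline)):
        severity = "review"  # every unapproved record needs an owner
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            if not any(ip in net for net in approved_networks):
                severity = "high"  # resolves outside the organisation's ranges
        findings.append((severity, name, rtype, value))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(BASELINE_ZONE, CURRENT_ZONE, APPROVED_NETWORKS):
        print(*finding)
```

Run on a schedule against the registrar's or DNS host's zone export, the diff surfaces injected subdomains even when the parent site itself is unchanged.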

It is the second issue to hit GoDaddy in the last few months. In September thousands of websites were knocked offline for around seven hours. A hacker claiming links with Anonymous said he was behind the attack, but that was denied by the company. GoDaddy said the outage was caused by "a series of internal network events that corrupted router data tables."
