Go Daddy Attributes DNS Hack to Phishing

A spokesman at Go Daddy, the popular domain registrar and Web host company, believes that some of its users may have been phished – and that’s to blame for the barrage of ransomware some customers have been seeing in the past week or so.

Last week it was reported that attackers had placed malicious DNS records on some of the company’s domain names to redirect users to sites hosting the Cool Exploit Kit, a recently developed kit known for dropping the Reveton ransomware.

Reveton, a particular type of ransomware that demands users pay a fine to unlock their computer, made its way around the internet late this summer and even forced the FBI to alert the public of the malware.

Scott Gerlach, Go Daddy’s Director of Information Security Operations, told reporters yesterday that only a “small number of accounts” have been affected by the malicious DNS entries and that the company is reversing them as they’re identified. Gerlach added that Go Daddy is expiring the passwords of those affected to prevent the further spread of malware. In the statement, Gerlach suggests that any problems users are experiencing with ransomware aren’t coming from Go Daddy’s end of the wire.

“We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems,” Gerlach wrote.

As an addendum, Gerlach recommends US and Canadian users of Go Daddy’s service implement two-factor authentication to add an additional layer of security to their accounts.

In September, millions of sites hosted by Go Daddy were knocked offline in what was thought to have been a massive distributed denial of service (DDoS) attack. The company’s CEO shot back, claiming internal issues that ultimately “corrupted router data tables” led to the outage and that customer data was never at risk of being hacked.
