Hacked MIT Server Used To Stage Attacks

wiredmikey writes "A compromised server at the Massachusetts Institute of Technology (MIT) has been identified as being used as a vulnerability scanner and attack tool, probing the Web for unprotected domains and injecting code. According to researchers, the ongoing attacks appear to be related to the Blackhole Exploit Pack, a popular crime kit used by criminals online. The attacks started in June, and an estimated 100,000 domains could have been compromised. Judging by initial data, one MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites. These types of attacks are how BlackHat SEO scams are propagated, which target search results in order to spread rogue anti-virus or other malware. In addition, compromised hosts are also leveraged for other schemes, such as spam or botnet control."
  • by Anonymous Coward on Sunday November 06, 2011 @07:53PM (#37969198)

    These kinds of exploits just don't happen when you're running OpenBSD. OpenBSD is THE ONLY safe option for any publicly-accessible server.

  • by Xugumad ( 39311 ) on Sunday November 06, 2011 @08:01PM (#37969252)

    If you think OS choice is the biggest issue with academic network security, you clearly haven't met enough academics...

  • "Hacked" (Score:4, Funny)

    by Baloroth ( 2370816 ) on Sunday November 06, 2011 @08:51PM (#37969514)

    Are we quite sure this server was hacked? I wouldn't put it past some college student, or possibly even a network admin, to do this personally. While that may technically still be "hacking", it wouldn't qualify for it in the popular-media definition (which is the way TFA seems to be using it... or maybe not, maybe the writer is using the term deliberately.) The proper term is "cracked."

  • by billstewart ( 78916 ) on Sunday November 06, 2011 @10:19PM (#37969904) Journal

    I used to keep a couple of honeypot open servers on the DSL line in my lab in the late 90s. Nobody ever bothered the Win95 box, but the unpatched Red Hat 6.x box was broken into and brutally killed enough weeks in a row I ended up naming it "Kenny". It got attacked by some machine in Sweden and was pinging home to check in and receive further commands, so I and the admin there cleaned up our machines. I forget if the attack on the wu-ftpd daemon came from Washington University or was used to attack them. The bad guy thought they had covered their tracks by replacing the ps and ls commands, but I noticed their extra directories with "find", and their processes with "echo /proc/*" :-)

    So one week the attack was coming from MIT. I tried going through mit.edu's website to find a sysadmin to talk to, didn't get a response, so I sent email to a security researcher I knew there, who already knew about the problem. It turns out that the attack wasn't actually from MIT - it was from somebody in Japan who was using a compromised Sun server, and there was a byte order problem in the attack code. So the attacker wanted my machine to be pinging him at x.y.z.18, but instead my responses were going to 18.z.y.x at MIT.
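The byte-order mix-up in the post above is a common one in incident triage: a program stores an IPv4 address as a 32-bit integer in host byte order on a little-endian machine, then writes it out as if it were already in network byte order, and the octets come out reversed. The example below, added here and not part of the original comment, reproduces that reversal and adds a small check a defender can use when a callback destination in logs looks like a mirrored version of an expected address. The addresses are constructed from the documentation range 203.0.113.0/24; the MIT 18.x.y.z address in the story is only echoed in the variable naming.

```python
import socket
import struct


def ipv4_to_int_host_order(ip: str) -> int:
    """Store an address as an integer the careless way: bytes read in
    little-endian host order instead of network order."""
    return struct.unpack("<I", socket.inet_aton(ip))[0]


def int_to_ipv4_network_order(value: int) -> str:
    """Emit a 32-bit value assuming it is already in network byte order
    (what a big-endian peer, or a correct htonl-based reader, expects)."""
    return socket.inet_ntoa(struct.pack("!I", value))


def mistaken_callback_address(intended: str) -> str:
    """Address the victim actually contacts after the host/network
    byte-order confusion: a.b.c.d becomes d.c.b.a."""
    return int_to_ipv4_network_order(ipv4_to_int_host_order(intended))


def correct_callback_address(intended: str) -> str:
    """The same round trip done correctly: pack and unpack in network
    order on both sides, so the address survives unchanged."""
    value = struct.unpack("!I", socket.inet_aton(intended))[0]
    return socket.inet_ntoa(struct.pack("!I", value))


def is_octet_reversal(observed: str, expected: str) -> bool:
    """Triage helper (assumed, not from the post): True when the address
    seen in traffic is exactly the octet-reversed form of the address
    the attacker apparently meant to use."""
    obs = socket.inet_aton(observed)
    exp = socket.inet_aton(expected)
    return obs == exp[::-1] and obs != exp


if __name__ == "__main__":
    # Constructed example in the TEST-NET-3 range, not a real host.
    attacker_intended = "203.0.113.18"
    print("intended  :", attacker_intended)
    print("after bug :", mistaken_callback_address(attacker_intended))
    print("correct   :", correct_callback_address(attacker_intended))
    # A log line showing traffic to 18.113.0.203 would flag as a reversal.
    print("reversal? :", is_octet_reversal("18.113.0.203", attacker_intended))
```

The practical takeaway for an analyst is the same as in the anecdote: when an outbound connection from a compromised host points at an address that makes no sense for the attacker but whose reversed octets do, check for a byte-order bug before attributing the traffic to the owner of the reversed address.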
