Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

DNS attack hijacks payment website

Acrobat flaw exposed.

By Robert McMillan, IDG News Service | Published: 10:47, 04 December 2008

The Domain Name System (DNS) record for payment processor CheckFree was hijacked earlier this week, allowing online criminals to control of the company's website and redirect visitors to their own server.

The site was redirected at around 12:30 a.m. Eastern Time on Tuesday after someone logged into CheckFree's Network Solutions account and changed the domain's DNS settings, said Susan Wade, a Network Solutions spokeswoman. "Somebody got hold of the customer's login information," she said. "I don't know how they got access."

By changing the domain's DNS settings, the criminals were able to redirected Internet traffic to their own server.

CheckFree regained control of the account around 5:00 a.m. and fixed the settings, Wade said.

In a statement, CheckFree said that by 10:10 a.m. the rogue site's Internet service provider had "isolated the non-CheckFree site so that no subscribers could connect to it."

While it was active, the site tried to install malicious software on victims' computers, CheckFree said.

"During the incident, users would have seen a blank page if they were redirected to the non-CheckFree site. Those with up-to-date security software would likely have received a message indicating a malware download attempt had occurred," the company said. "If the user's anti-virus software was out of date or they did not have anti-virus software installed, they may have been subject to a malware software download."

The attack targeted flaws in Adobe Acrobat and Adobe Reader, CheckFree said.

CheckFree is advising its customers to download antivirus software and the latest updates to Adobe Reader, used to view pdf files.

CheckFree has about 12,000 locations in the US where customers can walk in and pay bills in person. It accepts payments for services such as utilities, credit cards and mobile phones. The company's website can be used to pay bills too, however.

This isn't the first time Network Solutions' account credentials have been used to seize control of a website. In May, hackers used a similar technique to knock Comcast.net off-line for several hours.

News of the CheckFree hack was first reported in the Register after a reader noticed a problem with the website.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.