Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

ICANN Web Site Compromise

Date:06.27.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ has received reports that the official website of ICANN and IANA Domains have been hijacked by a Turkish group called “NetDevilz”. ICANN and IANA are responsible for the Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code Top Level Domain Name System management, and root server system management functions. NetDevilz is the same group that has hijacked many other domains listed here: Zone-H Attack Archive.

The ICANN and IANA web sites were defaced and left the following message: “You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group)”

Zone-H Archived Defacement.

The following domains were hijacked, and some of them still return the defaced pages - http://icann.***; http://icann.^^^; http://iana-servers.@@@; http://internetassignednumbersauthority.!!!; http://iana.&&&. These sites are redirecting visitors to http://atspace.%%%. So far, none of these DNS hijacks served any malware or live exploits.

References:
http://securitylabs.websense.com/content/Blogs/3118.aspx
http://ddanchev.blogspot.com/2008/06/icann-and-ianas-domain-names-hijacked.html


Websense Messaging and Websense Web Security customers are protected against this attack.