Cryptome.org hacked, unwillingly served malware to IE users

Famed whistleblower site Cryptome.org was hacked and infected with the Blackhole exploit kit, unwittingly serving malware to visitors running Windows; the incident forced its owners to restore the entire site.

New York-based architect and scholar John Young, who launched the site many years ago, explained that the Blackhole code was found embedded in “every HTML file in the Cryptome main directory”, forcing a complete restoration of all 6,000 files on the server from a clean copy.

The code injected into Cryptome’s pages probed the visitor’s browser for exploitable vulnerabilities before dropping a malicious executable onto the visitor’s computer. Apparently the malware only targeted Microsoft Internet Explorer users.

The complete restoration of the Cryptome files took some time, and the site is now clean. Security researcher “mrkoot” has also published additional technical notes about the attack on his site.

The attack on the Cryptome.org server is particularly worrisome given the sensitivity of the documents it hosts. Founded in June 1996, the whistleblower site began collecting and publishing “prohibited” and even classified documents (on freedom of expression, privacy, cryptology, intelligence, and more) long before Wikileaks became a worldwide media sensation.
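The remediation described above, restoring every HTML file from a clean copy, presupposes a way to tell which pages were altered. The following added example (not code from the article, Cryptome or the researcher cited) compares a live web root against a known-good copy by file hash and, for each changed page, lists the script or iframe tags that are not present in the clean version. The sample pages, the injected stand-in tag and the directory layout are constructed here; the real Blackhole markup is not on the page and is not reproduced.

```python
import hashlib
import os
import re
import tempfile

# Tags that drive-by kits typically inject into static pages. This is a generic
# defender-side check; the exact Blackhole loader markup is deliberately not assumed.
INJECT_RE = re.compile(r"<(?:script|iframe)\b[^>]*>.*?</(?:script|iframe)>", re.I | re.S)


def manifest(root):
    """Map relative path -> (sha256 hex digest, decoded text) for every .htm/.html under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".htm", ".html")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                rel = os.path.relpath(path, root)
                out[rel] = (hashlib.sha256(data).hexdigest(), data.decode("utf-8", "replace"))
    return out


def compare(clean_root, live_root):
    """Return {rel_path: [foreign tags]} for live HTML files that differ from the clean copy.
    Files missing from the clean copy are reported with every script/iframe tag they contain."""
    clean, live = manifest(clean_root), manifest(live_root)
    findings = {}
    for rel, (digest, text) in live.items():
        base = clean.get(rel)
        if base and base[0] == digest:
            continue  # byte-identical to the known-good copy, nothing to report
        base_tags = set(INJECT_RE.findall(base[1])) if base else set()
        findings[rel] = [tag for tag in INJECT_RE.findall(text) if tag not in base_tags]
    return findings


def demo():
    """Constructed sample: a clean copy and a 'live' copy in which every page carries one extra script."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        page = "<html><body><script src='site.js'></script><p>document</p></body></html>"
        injected = "<script>/* constructed stand-in for an injected loader */</script>"
        for name in ("index.html", "docs.htm"):
            with open(os.path.join(clean, name), "w") as fh:
                fh.write(page)
            with open(os.path.join(live, name), "w") as fh:
                fh.write(page.replace("</body>", injected + "</body>"))
        with open(os.path.join(live, "notes.txt"), "w") as fh:
            fh.write("not HTML, ignored by the scan")
        return compare(clean, live)


if __name__ == "__main__":
    for path, tags in demo().items():
        print(path, tags)
```

Pages whose hash matches the clean copy are skipped entirely, so the legitimate `site.js` include is never flagged, while the one foreign script tag in each modified page is.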


Frankenchrist said,
But but but IE is soooooooo safe! Amazing people still use it to this day. Einstein was right...

Read this Mr Genius:

http://www.neowin.net/news/cha...safest-computing-experience

http://www.theregister.co.uk/2...e_firefox_security_bakeoff/

"Their conclusion: Chrome is the most secured browser, followed closely by Microsoft IE. Mozilla's open-source Firefox came in third, largely because of its omission of a security sandbox that shields vital parts of the Windows operating system from functions that parse JavaScript, images and other web content"


btw, the article is misleading, as Blackhole doesn't exploit any 0day flaw in IE.
It only exploits outdated browsers and plugins, including Flash on Firefox, since it is not sandboxed, as opposed to IE.

I feel sorry for everyone that hasn't updated their Java or still has it enabled in their browser or doesn't sandbox their internet actively.

warwagon said,
I feel sorry for everyone that hasn't updated their Java or still has it enabled in their browser or doesn't sandbox their internet actively.

Good old Java. It needs to be abolished.

warwagon said,
I feel sorry for everyone that hasn't updated their Java or still has it enabled in their browser or doesn't sandbox their internet actively.

What has Java got to do with any of this? Looks like the site was on PHP and the hack was some JavaScript vulnerability in IE. Java, it seems, is merely used to download some more malicious files. ActiveX + IE is a far more deadly combination than outdated client Java ever will be.

recursive said,

ActiveX + IE is a far more deadly combination than outdated client java ever will be.

You have absolutely no idea what you're talking about.

ActiveX controls are the equivalent of NPAPI plugins on Firefox and Chrome. An ActiveX control is NOT more dangerous than an NPAPI plugin. They are basically the same thing.

ActiveX plugins are even more secure than Firefox NPAPI plugins (like Flash) since they have been sandboxed since IE7/Vista.

However, Java always runs outside the browser sandbox, no matter what browser you use.

So, a Java vulnerability is extremely dangerous, even for Chrome and Firefox users.

... And the Blackhole exploit kit mentioned in this article DOES exploit flaws in Java. It doesn't exploit any imaginary ActiveX flaw (the flaws always lie in the plugins, not in NPAPI or ActiveX).