Cryptome hacked

Eugen Leitl eugen at leitl.org
Tue Feb 14 08:29:03 PST 2012


http://www.h-online.com/security/news/item/Whistleblowing-platform-used-to-spread-malware-1434267.html

Whistleblowing platform used to spread malware

Whistleblowing platform cryptome.org has been hacked and used to spread
malware. Unknown perpetrators gained access to the server and used the Black
Hole 12 exploit toolkit to infect all of its HTML pages (of which there are
many thousands). The JavaScript toolkit identifies a user's browser and
operating system before attempting to exploit a range of vulnerabilities to
inject malicious code onto their system.

In this case, Black Hole appears to have been configured only to attack
Internet Explorer. A log file containing around 2,900 IP addresses was found
on the server and may offer some indication of the number of systems
infected.

It is not clear how the attackers were able to penetrate the server. The
cryptome.org team has published a harmless extract of the malicious code and
is asking for assistance in analysing it. Some initial thoughts have already
been received. One user has suggested that the attacker may have used the
WebDAV interface to modify the HTML files.

The cryptome.org team is currently busy disinfecting the affected files,
around 80% of which are now back online.




