Malware Infection Suspected at Internet Systems Consortium (ISC)

By ISBuzz Team
Writer, Information Security Buzz | Jan 04, 2015 05:04 pm PST

The Internet Systems Consortium, better known as ISC, thinks it might have had a malware infection.

That’s the organisation responsible for BIND, a DNS server that is very widely used in production, even though it’s officially just a so-called reference implementation.

As you probably know, DNS, short for Domain Name System, is the intergalactic duct tape that holds the internet together.

Without DNS, you’d have to remember a numeric identifier, such as 31.222.175.174 or 2a03:2880:2130:cf05:face:b00c::1, for every website you wanted to visit.


Human-friendly names like and are only possible with DNS.

Interestingly, Paul Vixie, founder of the company that led to the ISC, and chief author of the BIND source code, publicly declared about four years ago that the anti-virus industry was “dud.”

But the ISC seems to have moved on since then, as it is now officially recommending a virus check if you have visited its website lately:

We believe the web site may have become infected with malware. Please scan any machine that has accessed this site recently for malware.

The explanation, such as it is, goes on to blame the parts of ISC’s network that run WordPress, but it doesn’t yet say what went wrong.

What might have happened?

If you’d like to review your own WordPress setup, typical hacking and malware problems with WordPress installs include:

– Unpatched WordPress software or plugins, leaving known security holes open for attackers.
– Poor password hygiene, including weak passwords, shared or re-used passwords, and no two-factor authentication.
– Poisoned third-party content such as adverts served from external servers.
– Overly-liberal access controls giving too much power to too many users.

The good news is that ISC is being pretty straightforward on its holding page, even if it doesn’t yet know exactly what happened or how far the crooks penetrated.

They think they had malware, and they’ve said so without beating around the bush.

It would be useful to hear what malware was found, so let’s hope ISC can work out how the breach unfolded.

To read more about this incident, please read the original article on Naked Security here.

By Paul Ducklin, Security Proselytiser, Naked Security | @duckblog

Paul Ducklin is a passionate security proselytiser. (That’s like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director’s Award for Individual Excellence in Computer Security in 2009.

About Naked Security

Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.
