University of Connecticut loses control of its DNS entries.The official Web portal of the University of Connecticut was compromised on Sunday and used to spread malware to all visitors, masqueraded as a fake Adobe Flash Player update, The Daily Campus reports.
According to UConn deputy spokesman Tom Breen, on Sunday, the third day of Christmas, December 27, at around 11:00 AM, the nonprofit organization Educause, who manages UConn’s website, lost control of the site’s DNS entries.
UConn was the victim of a simple DNS hijacking attack
DNS entries are simple “domain name – IP address” pairs that tell Internet browsing software from where to download the content of a desired website.
Attackers managed to hijack the university’s DNS listing and point all users accessing the uconn.edu URL to the wrong server, one controlled by the attackers.
Here, a blank page would be served to all users, and immediately as the site loaded, a popup would appear asking users to download a newer version of the Adobe Flash Player to be able to continue.
Users that clicked OK in the popup would download a file named adobe_flashplayer_18.exe, containing malware.
Officials resolved the issue by the second day
University staff were quickly alerted and managed to regain access to their DNS records. Their efforts were delayed because the MX records that were responsible for all @uconn.edu email addresses were also corrupted, which made it hard to contact the ISP with an email coming from an official address.
All things returned to normal by the second day, when most DNS servers phased out the malicious uconn.edu DNS entry, which remained stored in their cached entries for a few more hours.
DNS hijackings are common, and in the past, many high-profile companies have fallen victims to such attacks. One of the biggest such incidents this year was when domain registrar eNom lost control of four of its DNS servers. The attack was short-lived but affected a large number of clients.