UConn Website Hijacked and Used to Spread Fake Flash Player Containing Malware


University of Connecticut loses control of its DNS entries.

The official Web portal of the University of Connecticut was compromised on Sunday and used to spread malware, disguised as an Adobe Flash Player update, to all visitors, The Daily Campus reports.

According to UConn deputy spokesman Tom Breen, on Sunday, December 27, the third day of Christmas, at around 11:00 AM, the nonprofit organization Educause, which manages UConn’s website, lost control of the site’s DNS entries.

UConn was the victim of a simple DNS hijacking attack

DNS entries are simple “domain name – IP address” pairs that tell Internet browsing software which server to download the content of a requested website from.

Attackers managed to hijack the university’s DNS listing and point all users accessing the uconn.edu URL to the wrong server, one controlled by the attackers.

There, a blank page was served to all users, and as soon as the site loaded, a popup appeared asking them to download a newer version of Adobe Flash Player in order to continue.

Users who clicked OK in the popup downloaded a file named adobe_flashplayer_18.exe, which contained malware.

Officials resolved the issue by the second day

University staff were quickly alerted and managed to regain access to their DNS records. Their efforts were delayed because the MX records that were responsible for all @uconn.edu email addresses were also corrupted, which made it hard to contact the ISP with an email coming from an official address.

All things returned to normal by the second day, when most DNS servers phased out the malicious uconn.edu DNS entry, which remained stored in their cached entries for a few more hours.
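
A drift check that a monitoring job could run for the situation described above, as an added example that is not part of the original article: it compares resolver answers for the A and MX records against a known-good baseline and uses each answer's remaining TTL to estimate when cached bad entries expire. The domain, addresses, resolver names and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

# Known-good record sets (constructed; the IPs are from documentation ranges).
BASELINE = {
    ("example.edu", "A"): {"192.0.2.10"},
    ("example.edu", "MX"): {"10 mail.example.edu."},
}
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
# Constructed answers: (resolver, name, rtype, value, remaining TTL in s, seen_at)
OBSERVATIONS = [
    ("resolver-a", "example.edu", "A", "192.0.2.10", 300, T0),
    ("resolver-a", "example.edu", "MX", "10 Mail.Example.edu", 300, T0),
    ("resolver-b", "example.edu", "A", "203.0.113.66", 14400, T0 + timedelta(minutes=5)),
    ("resolver-b", "EXAMPLE.edu", "MX", "10 mx.unknown.invalid", 3600, T0 + timedelta(minutes=5)),
]

def normalize(rtype, value):
    """Lower-case record data and give host names a trailing dot so equal forms match."""
    value = " ".join(value.lower().split())
    if rtype != "A" and not value.endswith("."):
        value += "."
    return value

def find_drift(baseline, observations):
    """Return one finding per observed record that is absent from the baseline."""
    findings = []
    for resolver, name, rtype, value, ttl, seen_at in observations:
        expected = baseline.get((name.lower().rstrip("."), rtype))
        if expected is None:
            continue  # record type or name is not monitored
        value = normalize(rtype, value)
        if value not in expected:
            findings.append({
                "resolver": resolver, "rtype": rtype, "value": value,
                # The resolver may keep serving this answer until its TTL runs out.
                "cached_until": seen_at + timedelta(seconds=ttl),
                # MX drift means mail for the domain may be misrouted as well.
                "mail_affected": rtype == "MX",
            })
    return findings

def caches_clear_at(findings):
    """Latest time any observed resolver may still hold a bad record in cache."""
    return max((f["cached_until"] for f in findings), default=None)

if __name__ == "__main__":
    drift = find_drift(BASELINE, OBSERVATIONS)
    for f in drift:
        print(f["resolver"], f["rtype"], f["value"], "cached until", f["cached_until"].isoformat())
    print("bad entries expire from observed caches by", caches_clear_at(drift))
```

A finding with `mail_affected` set is the cue to use a contact channel that does not depend on the domain's own email.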

DNS hijackings are common, and in the past, many high-profile companies have fallen victim to such attacks. One of the biggest such incidents this year was when domain registrar eNom lost control of four of its DNS servers. The attack was short-lived but affected a large number of clients.

Popup that appeared on UConn’s website
