27 Nov 2012

Go Daddy Takes Swing at Hosted Accounts Spreading Malware


Go Daddy customers have had a bad year: the massive DNS outage in September and a later core router failure caused two significant outages. The series of incidents continued with an apparent phishing attack against the company's customers, which ended with multiple domains being routed to ransomware-planting pages.

Now, Go Daddy is helping affected customers by fixing the rogue DNS entries and securing compromised user accounts with new passwords, according to company officials.

“We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems,” Scott Gerlach, Go Daddy’s director of information security operations, said in an interview for The Next Web.

Apart from fresh domain names that are not yet blacklisted, FTP accounts are also essential for cyber-criminal operations, as crooks host their malicious creations at these compromised locations. Most of the time, they gain unauthorized access by keylogging the victim’s computer, phishing the users or even sniffing FTP traffic on unencrypted connections.

Users who are required to connect to FTP accounts should log in via a secure FTP connection and deploy an antivirus solution on the machine they use. Not only should that detect malware already running on the PC, but it will also block phishing attempts before the credentials are given to the attacker.