UConn Website Compromise Plugs Malware Download Prompt
The University of Connecticut’s website was the target of a cyberattack on Sunday, prompting visitors with a dialog box to download a malicious program pretending to be an updated version of Adobe’s Flash Player.
The official website of the University of Connecticut was the subject of a compromise late Sunday, according to the University’s newspaper, the Daily Campus.
While technical staff claim to have resolved the issue, visitors continued to experience the malware-laced dialog box for “some time”. In an emailed statement to the newspaper, UConn deputy spokesman Tom Breen also stated that it is as yet unclear how long the problem will linger, noting that “the impact wasn’t uniform” on all Internet service providers.
Notably, Breen added that the University does not see the incident impacting the start of winter intersession classes that commence Monday.
A DNS Compromise
As revealed by Breen, the website’s DNS records were compromised around 19:15. The exploit occurred after Educause, the non-profit tasked with the maintenance of the DNS records, saw the records changed to redirect website visitors to a location other than the server hosting content for UConn’s website.
The exploit also extended to the website’s MX records, which link the university’s email accounts to the university’s server. Breen told the publication that this hijack initially prevented the university’s staff from updating the DNS records to point back to UConn’s server rather than the one hosting the malware, with the sticking point being verification via email to authorize changes.
Although officials were eventually able to restore the default DNS records, cached changes ensured that problems persisted for visitors, who will have to wait until every ISP updates the information again.
Speaking to the publication, Breen stated:
“Final resolution of the issue depends on the timeouts of various caches, from provider servers all the way down to individual computers.”
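The cache persistence described above can be checked from the defender's side. The following is an added example, not part of the original article or any UConn tooling: it compares answers collected from several resolvers against a known-good baseline, reports which resolvers still serve off-baseline A or MX records, and uses the remaining TTLs to estimate when the last queried cache will clear. All names, addresses and TTLs are constructed placeholder values.

```python
from dataclasses import dataclass

# Constructed baseline (documentation-range names and addresses, not UConn's).
BASELINE = {
    ("example.edu", "A"): {"192.0.2.10"},
    ("example.edu", "MX"): {"mail.example.edu"},
}

@dataclass(frozen=True)
class Answer:
    resolver: str  # recursive resolver that returned the answer
    name: str
    rtype: str
    value: str
    ttl: int       # remaining cache lifetime in seconds, as reported

# Constructed answers, as if gathered from three resolvers after the fix.
SAMPLE = [
    Answer("resolver-a", "example.edu", "A", "192.0.2.10", 3600),
    Answer("resolver-a", "example.edu", "MX", "mail.example.edu.", 3600),
    Answer("resolver-b", "example.edu", "A", "203.0.113.66", 5400),
    Answer("resolver-b", "example.edu", "MX", "mx.unknown.example.", 41000),
    Answer("resolver-c", "example.edu", "A", "203.0.113.66", 120),
    Answer("resolver-c", "example.edu", "MX", "Mail.Example.EDU.", 900),
]

def audit(answers, baseline=BASELINE):
    """Group off-baseline answers by resolver and summarise the exposure."""
    stale = {}
    for a in answers:
        expected = baseline.get((a.name.rstrip(".").lower(), a.rtype))
        if expected is None:
            continue  # record type not covered by the baseline
        # DNS names are case-insensitive and may carry a trailing root dot.
        if a.value.rstrip(".").lower() not in expected:
            stale.setdefault(a.resolver, []).append((a.rtype, a.value, a.ttl))
    ttls = [ttl for recs in stale.values() for _, _, ttl in recs]
    return {
        "stale": stale,
        # Longest remaining TTL: when the last queried cache drops the bad data.
        "seconds_until_clear": max(ttls, default=0),
        # Off-baseline MX means e-mail based change approval cannot be trusted.
        "mail_verification_at_risk": any(
            rtype == "MX" for recs in stale.values() for rtype, _, _ in recs),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The estimate covers only the resolvers that were queried; caches that were not sampled can hold the changed records for their own remaining TTL.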
A spokesperson for UConn wasn’t immediately available at the time of publishing when Hacked reached out for additional information about the compromise.