‘Lizard Squad’ hacking attempt at Munim.in
Of late, our website has been malfunctioning and had turned pretty slow. We had tried multiple levels of indexing but without any improvement, until we received a mail from the Ministry of Communications and Information Technology that "www.munim.in" is compromised and hosting malicious code. On further probing and investigation we came to know that there has been a hacking attempt by Chinese hackers ‘Lizard Squad’.
The Ministry of Communications and Information Technology has taken this issue with great gravity and helped us in retrieving/modifying our website, and we have further protected our website with high-level security standards approved by the Web Application Security Consortium (WASC). We would like to thank you all for your patience with our website, and the Ministry for its timely information and help.
Letter from Ministry of Communications and Information Technology
Ref No: CERTIn-211221796
We have received reports that the website "www.munim.in" is compromised
and hosting malicious java_script/IFRAME snippets. This causes visitors of
your websites unknowingly redirected to malicious
websites which downloads malicious Trojan into their computers.
Details of the affected pages/page:
ht*p://munim[d0t]in/
ht*p://www[d0t]munim[d0t]in/
ht*p://www[d0t]munim[d0t]in/index[d0t]html
ht*p://www[d0t]munim[d0t]in/index[d0t]html
ht*p://www[d0t]munim[d0t]in/index[d0t]html
ht*p://www[d0t]munim[d0t]in/index[d0t]html
Note: (added * and [d0t] to prevent the link from working)
You are requested to take following immediate actions:
• Search your Web pages (html, asp, jsp, js etc) for obfuscated malicious
content. JavaScript/VBScript/IFRAME code injected by attackers. These links
are embedded in the source code of the Web page associated to an
IFRAME/script tag.
• Remove the below malicious contents (java scripts/vbscripts/IFRAMES)
that are injected by the attackers in all the above listed web-page.
• Search for a hidden folder .sys and delete the same, if found.
• Site administrators are advised to Check htaccess, php_includes, and
other configuration settings, as well as ensuring directory permissions are
set appropriately.
• Users may consider using a firefox addon "NoScript" which pre-emptively
blocks malicious scripts and allows JavaScript, Java and other potentially
dangerous content only from the user trusted sites.
• Scan the system with Anti-virus/Anti-spyware.
• Change FTP credentials (if any) for the administrators to upload
content into your website and secure the same.
• Review the security of your Web Server and website for application and
Operating System vulnerabilities and apply appropriate patches/updates.
• Implement information security best practices such as “Use Signed
Scripting”.
• It is recommended to avoid internet browsing and remove all file shares
on the Web Server.
• Refer to the given below link for Google webmaster's help for the
hacked site.
ht*tp://www[d0t]google[d0t]com/webmasters/hacked/
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail : incident@cert-in.org.in
Phone : 1800-11-4949
FAX : 1800-11-6969
Web : http://www.cert-in.org.in
PGP Fingerprint : 4871 0429 EB42 0423 4E6A FAD6 B2D5 5C16 9E34 6D2C
PGP Key information:
http://www.cert-in.org.in/contact.htm
Postal address:
Indian Computer Emergency Response Team
Department of Information Technology
Ministry of Communications and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
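
The following sweep is an added example, not part of CERT-In's letter or of this site's code. It covers three of the checks the letter lists (injected IFRAME/script content, the hidden .sys folder, directory permissions) over a web root. The function names, the regex heuristics and the sample site are assumptions made for illustration.

```python
import os
import re
import tempfile

WEB_EXTS = {".html", ".htm", ".asp", ".jsp", ".js", ".php"}
PATTERNS = {  # illustrative heuristics (assumption), not CERT-In signatures
    "hidden-iframe": re.compile(r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
                                r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "obfuscated-script": re.compile(r"(?:eval|document\.write)\s*\(\s*(?:unescape|atob)\s*\(", re.I),
}

def scan_webroot(root):
    """Return sorted (relative_path, finding) pairs for one web root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if d == ".sys":  # hidden folder named in the advisory
                found.append((os.path.relpath(full, root), "hidden-.sys-folder"))
            if os.stat(full).st_mode & 0o002:  # world-writable bit set
                found.append((os.path.relpath(full, root), "world-writable-dir"))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            with open(full, errors="replace") as fh:
                text = fh.read()
            found += [(os.path.relpath(full, root), label)
                      for label, rx in PATTERNS.items() if rx.search(text)]
    return sorted(found)

def build_sample(root):
    """Constructed sample site: a clean page, two injected files, .sys, an open dir."""
    for d, mode in ((".sys", 0o755), ("uploads", 0o777)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)
    pages = {
        "about.html": '<iframe src="/map" width="600" height="400"></iframe>',
        "index.html": '<iframe src="http://example.invalid/" width="1" height="1"></iframe>',
        "menu.js": "eval(unescape('%61%6c%65%72%74'));",
    }
    for name, body in pages.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_webroot(tmp), sep="\n")
```

Each hit is a lead for manual review rather than proof of injection; a visible, normally sized iframe such as the one in about.html is not flagged.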