Hacked MIT Server Used to Stage Attacks, Scan for Vulnerabilities

Pierluigi Paganini November 06, 2011

Bitdefender reseachers have discovered a number of brute force attacks against several web site. The attacks have been done using a server at the Massachusetts Institute of Technology (MIT).

The hacking attack against the MIT.edu infrastructure started with a malicious script on one MIT server.  One MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites

The crawler searches the MIT infrastructure looking for vulnerable versions of PHPMyAdmin and will try to gain admin rights in order to inject a SQL query into the database. Successfully attacked web sites will have a folder called “muieblackcat” on them.

The MIT infrastructure has been used because it is highly likely to by pass  firewalls from this source, they obviously accept traffic from MIT.edu as legit.


you might also like

leave a comment