SECURITY FIRM Bitdefender has traced a number of brute force web site attacks to a server at the Massachusetts Institute of Technology (MIT).
A report on the firm's security blog, called Malware City, claims that a hacking attack against the MIT.edu infrastructure started with a malicious script on one MIT server.
"Judging by initial data, one MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites," says the blog, based on work done by Bitdefender virus analyst Doina Cosovan.
"It is currently unknown how the crawler bot was planted on the MIT server, but it is certain that it probes the web for hosting accounts that come with a vulnerable version of PHPMyAdmin, the popular database frontend for MySQL servers."
The crawler searches the MIT infrastructure looking for vulnerable versions of PHPMyAdmin and will try to gain admin rights in order to inject a SQL query into the database. Successfully attacked web sites will have a folder called "muieblackcat" on them.
"An infrastructure the size of MIT.edu is not only guaranteed to have huge bandwidth to carry thousands of malicious requests per second, but is also a good way to evade firewalls that obviously accept traffic from MIT.edu as legit," says the report.
"This explains the interest crooks have always shown in redirecting attacks towards sites registered in this domain or other trusted ones to involve them, for instance, in promoting illegal merchandise or dubious content."
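For site operators who want to check their own hosts for the two signs the report describes, the following is an added example, not code from Bitdefender or from the original article. It looks for a "muieblackcat" folder under a web root and flags clients that repeatedly request missing phpMyAdmin paths; the log format, sample log lines, addresses and threshold are constructed assumptions.

```python
import os
import re

MARKER = "muieblackcat"  # folder name reported in the article
# Assumption: access logs use the common/combined log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation-range addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 162',
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 162',
    '192.0.2.10 - - [01/Jan/2024:00:00:02 +0000] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 162',
    '198.51.100.7 - - [01/Jan/2024:00:05:00 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:00:05:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
    'not a log line',
]

def find_marker_dirs(web_root):
    """Return sorted paths of directories under web_root named like MARKER."""
    hits = []
    for dirpath, dirnames, _ in os.walk(web_root):
        for name in dirnames:
            if name.lower() == MARKER:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def phpmyadmin_probers(log_lines, threshold=3):
    """Return {client: n} for clients that got 403/404 on at least
    `threshold` distinct phpMyAdmin-looking paths (threshold is hypothetical)."""
    seen = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        client, path, status = m.groups()
        if "phpmyadmin" in path.lower() and status in ("403", "404"):
            seen.setdefault(client, set()).add(path)
    return {c: len(p) for c, p in seen.items() if len(p) >= threshold}

if __name__ == "__main__":
    print("probing clients:", phpmyadmin_probers(SAMPLE_LOG))
    print("marker folders:", find_marker_dirs("."))
```

A client that reaches a real phpMyAdmin install with a 200 response is not counted, so a hit from the first check should be treated as scanning noise unless the second check also finds the folder.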
Why oh why can't the boneheads at MIT be smart enough to use Micr0$uck$ LoseDoze Server Operating System (O/S) so they could have all of the INNOVATIVE features of a true server and the most SECURE O/S available?