Hackers Compromised MIT(Massachusetts Institute of Technology) Server in order to launch cyber attack on other sites.
"One MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites," BitDefender Researchers said.
The malicious script searched for vulnerable installations of phpMyAdmin, a popular Web-based database administration tool.
PHPMyAdmin is used by web developers and site administrators to connect and perform specific SQL operations over the web, such as creating, reading, updating and deleting information from the database. Our information shows that the vulnerable versions of PHPMyAdmin range from 2.5.6 to 2.8.
Once it find vulnerable version of phpMyAdmin , it launch SQL Injection attack to gain admin privileges. If the website is successfully compromised, the crawler leaves behind foler called "muieblackcat"- a mutex that acts as a mark of infection(Blackhole Exploit Pack).
BitDefender said that it tried to alert MIT about the security breach on their server, but received no reply.
According to BitDefender report the server is still online, but no longer attack any sites ." As a top level reliable domain, .edu is primarily used by educational institutions in America and other trustworthy organizations. A trackback from such a domain is a vote of confidence for an article, a blog, an entire site, or even an institution. In short, an infrastructure the size of MIT.edu is not only guaranteed to have huge bandwidth to carry thousands of malicious requests per second, but is also a good way to evade firewalls that obviously accept traffic from MIT.edu as legit." Doina Cosovan,BitDefender VirusAnalyst.
