2013-03-14: (Updated) US National Vulnerability Database Hacked
Level Three Attack
The Register reports that the US National Vulnerability Database, a website that catalogues software vulnerabilities, discovered that two of its servers were infected by malware. The servers were taken offline to try to solve the problem, and US-NVDB representatives say that the website was not serving malware to end users. Presumably, though, the intent of the attackers was to set up a "watering hole" type attack against members of the security industry.
Update 2: NoVA InfoSec reports that a ColdFusion vulnerability led to the malware infection at NIST, and that it had been infected for over two months. They describe it as "the ultimate watering hole attack", and because it was against NVD and a few other sites hosted on the same systems, I am moving this back up to a Level Three Attack.
Updated: I downgraded this to a Level Two Attack after originally classifying it as a Level Three. Two reasons - the attack was intercepted, and it was only against a single target. If more information comes to light, I might ramp it back up to a Level Three. It also appears that their server was running on Windows Server 2008 until March 7th of this year.
- The Register: US national vulnerability database hacked; Malware infection forces government vuln catalog offline
- Google+: Status Update from user Kim Halavakoski
- ArsTechnica: National Vulnerability Database taken down by vulnerability-exploiting hack
- (New) NoVA InfoSec: ColdFusion Vuln Led to NIST NVD Malware Infestation Over Two Months Ago