Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns.
Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with malware campaigns. Users are recommended to avoid visiting the domain.
The domain Perl.com was created in 1994 and was the official website for the Perl programming language, it is registered with the registrar key-systems(.)net.
“The perl.com domain was hijacked this morning, and is currently pointing to a parking site. Work is ongoing to attempt to recover it.” reads the announcement published on the Perl NOC.
“We encourage you NOT to visit the domain, as there are some signals that it may be related to sites that have distributed malware in the past.”
The attackers changed the IP address from 151.101.2.132 to 35.186.238[.]10.
After the hackers took over the site, it was displaying a blank page whose HTML contains Godaddy parked domain scripts.
Shortly after the domain hijacking, perl.com was offered for sale for $190k on afternic.com.
Users have to avoid using perl.com as CPAN mirror and can update their mirror in CPAN.pm use o conf urllist http://www.cpan.org/
# perl -MCPAN -eshell cpan shell -- CPAN exploration and modules installation (v2.20) Enter 'h' for help. cpan[1]> o conf urllist http://www.cpan.org/ Please use 'o conf commit' to make the config permanent! cpan[2]> o conf commit commit: wrote '/root/.cpan/CPAN/MyConfig.pm'The 35.186.238[.]101 was associated with a domain employed in malware campaigns, including the distribution of Locky ransomware.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, domain hijacking)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns.
Attackers have taken over the official domain name of The Perl Foundation perl.com and pointed it to an IP address associated with malware campaigns. Users are recommended to avoid visiting the domain.
The domain Perl.com was created in 1994 and was the official website for the Perl programming language, it is registered with the registrar key-systems(.)net.
“The perl.com domain was hijacked this morning, and is currently pointing to a parking site. Work is ongoing to attempt to recover it.” reads the announcement published on the Perl NOC.
“We encourage you NOT to visit the domain, as there are some signals that it may be related to sites that have distributed malware in the past.”
The attackers changed the IP address from 151.101.2.132 to 35.186.238[.]10.
After the hackers took over the site, it was displaying a blank page whose HTML contains Godaddy parked domain scripts.
Shortly after the domain hijacking, perl.com was offered for sale for $190k on afternic.com.
Users have to avoid using perl.com as CPAN mirror and can update their mirror in CPAN.pm use o conf urllist http://www.cpan.org/
# perl -MCPAN -eshell cpan shell -- CPAN exploration and modules installation (v2.20) Enter 'h' for help. cpan[1]> o conf urllist http://www.cpan.org/ Please use 'o conf commit' to make the config permanent! cpan[2]> o conf commit commit: wrote '/root/.cpan/CPAN/MyConfig.pm'The 35.186.238[.]101 was associated with a domain employed in malware campaigns, including the distribution of Locky ransomware.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, domain hijacking)