Go Daddy blames phishing (not security hole) for some sites pushing malware
On Friday, we wrote about how cybercriminals altered the DNS records of Go Daddy sites to serve up malware that demands ransom from victims. The company said it wouldn’t be able to get back to us till Monday, and now it has, mainly to say it is not at fault.
Here’s the full statement, courtesy of Scott Gerlach, Go Daddy’s Director of Information Security Operations:
Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we’re expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.
We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.