Hackers recently exploited a flaw in the cPanel hosting control panel to gain access to four Web hosts, including HostGator, and take control of Windows-based machines using Internet Explorer, in an attack that lasted from late Thursday to Saturday afternoon. The hackers placed an iframe script in Web sites; the script directed some visitors to malicious addresses that would infect them.
The VML hole and other similar zero-day vulnerabilities enable criminals to install spyware and other malware onto machines. The criminals behind the cPanel attack deployed this tactic, using a previously unknown vulnerability in cPanel to gain access to hundreds or thousands of servers that supply Web pages.
Dave Koston, an operations manager at cPanel, says the company patched the hole within an hour of it being brought to its attention. An update has since been passed along to the majority of servers that use cPanel. Koston adds that the attackers would have needed a working account with each Web host in order to exploit the vulnerability.
HostGator owner Brent Oxley says some 200 HostGator servers were accessed, but he was unable to estimate how many of the sites were affected. He says the hackers used the cPanel vulnerability to access HostGator servers more than a month ago, and then kept a low profile before striking last week.
The iframe script redirected visitors using Internet Explorer, the only browser vulnerable to the VML flaw, while visitors using other browsers went unaffected. An estimated 20,000 sites are attempting to exploit the vulnerability, says Eric Sites, vice president of Sunbelt Software, the company that first discovered the flaw.