A federal government database that stores information on malicious viruses and cyber-attacks has been taken offline following the detection of a hacker attack on its servers. The database is meant to provide an early warning of Internet infiltration by new viruses.
Viewed as the Bible of virus and malware information, the National Vulnerability Database (NVD) website of the National Institute of Standards and Technology (NIST) was taken down on March 8 following the discovery of malware on two of its servers.
Finnish security researcher Kim Halavakoski asked NIST, via email, for an explanation as to why the database had gone offline.
NIST spokeswoman Gail Porter replied that the site was offline because “a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet,” Halavakoski said in a post to his Google+ account.
The malware that caused the shutdown took advantage of vulnerabilities in Adobe ColdFusion to infiltrate the NVD, the Register reports. Both servers were compromised for at least two months before a firewall detected the compromise. A patch is now available from Adobe to fix the issue.
Porter elaborated on the investigation, saying, “currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites,” and assured Halavakoski that the servers would be back online as soon as possible, though she gave no specific timeframe.
The threat of hacker attacks on US industrial and government infrastructure has become a growing problem in recent months.
On Monday, White House national security adviser Tom Donilon implored Chinese officials to stop hackers within their borders from engaging in industrial espionage by breaking into American computer systems.
Washington’s reaction follows a threat assessment study by American computer security firm Mandiant, which concluded that an elite military group of Chinese hackers – the People's Liberation Army Unit 61398 – has been engaged in ferocious cyber-espionage against the US. In the last seven years, it has allegedly hacked 141 companies across 20 major industries, including those vital to national security.
The Mandiant probe comes alongside revelations by dozens of American companies of illegal breaches of their servers. Facebook and Apple said hackers bypassed their systems, while The New York Times and the Wall Street Journal hinted that Beijing had accessed their networks to keep tabs on journalists writing about China.