NIST, US government's vulnerability database, brought down by ironic malware


The US's national vulnerability database has been offline for days thanks to a multi-server infection by severely ironic malware.

Kim Halavakoski, chief security officer at Crosskey Banking Solutions, broke the news Wednesday night on his Google+ page.


Halavakoski said that he was trying to research vulnerability information from the National Vulnerability Database (NVD) and other websites operated by the National Institute of Standards and Technology (NIST).

Instead of results, he got what was still showing up as of Friday morning: a "Page not available" message.


When he asked NIST what was up, a spokeswoman told him that the organization doesn't know when the database will be back up, but they're sweating bullets to get it back fast.

According to her statement, the public-facing NVD site and other NIST-hosted sites were taken offline when NIST discovered malware on two servers on Friday night.

NIST took the servers offline after a firewall picked up on suspicious activity and blocked "unusual" traffic from reaching the internet.

While investigating the malware, NIST discovered an unspecified software vulnerability.

So far, nothing vile has seeped out as a result. NIST says:

Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites. NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.

An interesting note: in a subsequent post Thursday morning, Halavakoski noted that a site report shows that the day after NIST detected the malware, it switched its sites from IIS 7.5 to Linux and Apache.

At any rate, beyond the Microsoft vs. open-source debate, the hack of a database that catalogs vulnerabilities is little short of "pure evil", to borrow Halavakoski's summation.

Those hackers really know how to hurt a security guy/girl. Good luck wiping your servers clean, NIST.


Images from Kim Halavakoski


3 Responses to NIST, US government's vulnerability database, brought down by ironic malware

  1. Umberto Gigante · 595 days ago

    The site nvd.nist.gov was offline (with IIS error page) at 17.00.
    Now (17.19) it is online. The parameter "Server" in the HTTP Header is "Microsoft-IIS/7.5".

  2. Kim Halavakoski · 594 days ago

    As you all might have noticed, the NVD is up and running and providing the vulnerability information once again. Hopefully without malware.

    Also, check out my apology to Gail here: https://plus.google.com/106350285372295328202/pos...

  3. Guest · 594 days ago

    Nice that everyone took the care to block out their own e-mail but someone couldn't be kind enough to the unassuming NIST employee and scrub that one in similar fashion prior to publishing.

    As for the penetration, nice bit of work someone has accomplished. Ramifications of "where can I go that's safe" will be felt for a while.


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.