Connect with us

Cyber Security

Perl-clutching hijackers appear to have seized control of 33-year-old programming language’s .com domain

Published

on

Unless the venerable language has finally breathed its last – which is more than a little unlikely – the Perl.com domain was hijacked yesterday.

A warning went up on the perl.org infrastructure weblog overnight notifying users that perl.com now directed to a parking site and advised against visiting “as there are some signals that it may be related to sites that have distributed malware in the past.”

Seems a bit of a harsh description of Perl. We at El Reg are big fans after all.

The site later returned an ERR_CONNECTION_CLOSED error message.

Snark aside, the hijack appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.

Posting on Reddit, Brian Foy, an editor on the site and author of several books on Perl, said: “It looks like there was an account hack. I don’t know how long that would take to rewind. We’re looking for people who have actual experience dealing with that situation so we can dispute the transfer.”

Perl.org is unaffected by the swipe.

A glance at the domain records show the contact information is now “REDACTED FOR PRIVACY”. Gordon Lawrie – a self-proclaimed cyberlaw, trademark, and domain nerd – told us that prior to the change Tom Christiansen was listed as the domain administrative contact.

While the Perl team has yet to respond to our request for a comment, a hijacking of Christiansen’s account seems a possibility. The expiry also appears to have been extended to 26 January 2031.

Shortly after the hijacking, the domain perl.com turned up as available to buy for $190k on afternic.com, now listed as a name server in the domain record at time of writing.

Perl.com for sale at $190,000 (credit: Gordon Lawrie)

The listing included other pricey domains, including piracy.com for a mere $125k, from user drawmaster. Afternic is part of the GoDaddy organisation and, shortly after we approached it for comment, the perl.com listing had been pulled. Piracy.com appears to still be available if you’re so inclined (and endowed in the wallet department).

All had recently been transferred to a mystery owner allegedly based in Chisinau, Moldova. All also had the full details of their original owners in plain text prior to the ownership change, including email addresses. ®

Source: https://www.theregister.com/2021/01/28/perl_hijacking/?&web_view=true

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO