Cryptome.org hacked--and inadvertently spreads infection

Infected files on the site were downloading exploits from the Blackhole Toolkit that target Windows.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Feb. 13, 2012 5:18 p.m. PT

Cryptome.org became aware of the compromise by a visitor who reported receiving this warning from anti-malware software after visiting the site. — Cryptome.org was notified of the compromise by a visitor who reported receiving this warning from anti-malware software after visiting the site. Cryptome.org

Someone compromised the free-speech, antisurveillance repository Cryptome.org and hid malware on the site that infected Web surfers over the weekend, Cryptome.org reported.

A malicious PHP file was added to the site on Wednesday and a new directory was created that had logged nearly 3,000 IP addresses between Wednesday and Sunday, according to a post on the site.

The Cryptome.org post said thousands of HTML files in the site's main directory were found to be contaminated with a malicious script that appeared to download exploits from the Blackhole Toolkit "that may compromise a computer though various vendor vulnerabilities," according to a Symantec description of the Web attack. This affects Windows platforms, Symantec says. Symantec offered to investigate the hack, Cryptome.org said.

Meanwhile, Cryptome.org's post said the site was expected to be cleaned up by the end of the day.