Search This Blog

Perl.com, the Official Site for Perl Programming Language Hijacked

Threat actors took over the domain name perl.com and pointed it to an IP address associated with malware campaigns.

 

The domain Perl.com was made in 1994 and was the official site for the Perl programming language, it is enlisted with the registrar key-systems(.)net. An admonition went up on the perl.org foundation weblog overnight telling clients that perl.com was now directed to a parking site and exhorted against visiting "as there are some signals that it may be related to sites that have distributed malware in the past." 

“The perl.com domain was hijacked this morning and is currently pointing to a parking site. Work is ongoing to attempt to recover it.” reads the announcement published on the Perl NOC on 27th January 2021.

The hijack seems to have followed the deeply rooted way of an assailant jumping on a compromised account and swiping the domain instead of a simple expiration. The assailants changed the IP address from 151.101.2.132 to 35.186.238[.]10. After the hackers took control over the site, it was showing a clear page whose HTML contains GoDaddy parked domain scripts. 

Posting on Reddit, Brian Foy, editor on the site and writer of a few books on Perl, said: "It looks like there was an account hack. I don't know how long that would take to rewind. We're looking for people who have actual experience dealing with that situation so we can dispute the transfer." Perl.org was unaffected by the swipe. 

A look at the domain records shows the contact data is currently "REDACTED FOR PRIVACY". Gordon Lawrie – self-announced cyberlaw, trademark, and domain nerd – said that before the change Tom Christiansen was listed as the domain administrative contact. While the Perl group still can't seem to react to the solicitation for a remark, the hijacking of Christiansen's record appears to be a possibility. The expiry likewise seems to have been extended out to 26 January 2031.

Not long after the hijacking, the domain perl.com turned up as accessible to purchase for $190k on afternic.com, presently recorded as a name server in the domain record at the time of writing. The listing included other expensive domains, including piracy.com for a simple $125k, from client drawmaster. Afternic is an essential part of the GoDaddy association and, not long after when it was approached, the perl.com listing was pulled.
Share it:

Cyber Crime

Hijacking

Perl.com

Programming Language