Recommendations after nu.nl hack


This post is over 5 years old, it may be out of date.

The popular Dutch news website NU.nl has been compromised and altered to serve a malicious worm to those who visited it on March 14, 2012 between 11:30 and 12:30. PC’s with older versions of Adobe Reader and Java may have been infected with the Sinowal worm, that is designed to steal passwords, online banking information and other sensitive data. We heard reports that up-to-date installations of F-Secure Client Security blocked this malware. According to ComputerIdee only a few security software suites recognized this malware. The version of Hitmanpro mentioned there has been copied to the Install network share, for employees and students who want to scan their PC.

General recommendations to limit risks:

  • Always update all software, especially browsers, mail clients and software used to show content from the Internet: Java, PDF-readers (Adobe, …), Office suites, Flash, …
  • Never trust a compromised system again: Clean the Master Boot Record, e.g. with TDSSkiller by Kaspersky and do a fresh install of the OS, with all updates available.