On January 27, 2021, the Perl Foundation announced that someone hijacked Perl.com, a famous Perl Programming Language website that started in 1997. It also declared that it was currently highlighting a parking site. At the same time, it urged users not to visit the domain. It is the case since it detected some signals that the domain might relate to formerly malware distribution websites.
Shortly afterward, the news spread like wildfire on social media and other platforms and sent shockwaves among Perl users. The report suggested that the domain transformed ownership, and the website moved to an alternate server from where it originally got hosted.
Remember, we encounter such scenarios infrequently where a company misremembers to get domain extension before its expiry. Subsequently, the domain name reverts to the pool of available domains. Hence, it allows any buyer to get a hold of it.
Here Is The Real Story of the Perl.com Hijack.
Over the years, such incidents have occurred with other online entities, including Microsoft’s hotmail.co.uk domain. Also, it took place with Foursquare. On the other hand, the case of Perl.com is slightly different.
Previously, Network Solutions LLC hosted the website through the Bitnames servers. Suddenly, the ownership of Perl.com shifted to Bizcn.com, a Chinese domain registrar, on December 30, 2020. Later on, the control got transferred to a German domain hosting provider named Key-Systems GmbH on January 27, 2021. It is to note that the servers also changed to Afternic from Bitnames. Allegedly, Afternic seems to belong to GoDaddy.
Soon after the Perl.com domain got stolen, The Register discovered it available to be purchased on afternic.com for $190,000. Anyhow, the posting was quickly removed.
Thus, it hints at a classic case of domain hijacking, including the Perl.com hijack. It occurs when an unauthorized change of DNS configuration happens. Usually, a rogue name server performs the name resolution for the domain.
The attacker modifies registration contact subtleties and receives ownership of the domains legally registered with the attacked entity’s name. Nevertheless, it is essential to highlight that the hijacked website’s content may change entirely or may not change at all. It is not difficult to clone the contents of the previous website. In the wake of doing malicious transfers that target the users, the hijacker can continue with it as usual.
Notably, the reflection of website DNS and hosting changes is not always visible on the website itself. In this way, employing services, for example, Urlscan or The Wayback Machine, won’t generally be useful. Instead, there is a need to zero in on the chronicled DNS examination.
Perl as a Programming Language
Perl is one of the significant programming languages as far as the invisible layers of the Internet and web are concerned. Indeed, it has lost its swag and popularity in recent years, although many systems still rely on Perl. Additionally, many developers leverage the convenience of CPAN (Comprehensive Perl Archive Network). To your surprise, many languages follow the blueprint of CPAN.
In addition to its losing popularity because of other emerging languages, it has now met a significant setback. The hijacking incident of Perl.com would put many of its users at risk from hackers. It is on the grounds that Perl.com gets used as a backup for disseminating modules through CPAN. So, it opens up the possibility of hijackers exploiting the given connection to compromise systems using CPAN.
It is undoubtedly a heart-wrenching scenario for all Perl fans to witness a once hugely popular language is going through bad times.
Official Website of the Perl Programming Language
It is essential to bring to your attention that the Perl programming language’s official website is Perl.org. Thankfully, it remains intact and secure.
Final words
Several days ago, the DNS host record returned into legitimate hands, with thanks. It is undoubtedly good news for the owners of Perl.com and the PERL community. However, some issues with resolving the DNS may persist because of the incident that occurred. Albeit the domain does not seem malicious now, visitors should shun getting to Perl.com up until the initial registrants can regulate it.
Please visit our cybersecurity advisory and consulting services 24/7 site to get advice on mitigations on evolving cybersecurity threats.
References
Here you see the hijack case of the Perl.com domain
Hijacked Perl.com domain involving malicious activity
Everything you need to learn: Perl.com domain, hijacking, and malware actors
