Jump to content

AVG & Avira Websites Hacked by Palestinian Group


Matsuda

Recommended Posts

sshot_1.png

The Palestinian hacker group KDSM Team has defaced the main website of AVG Technologies, avg.com. It’s uncertain if the incident is a result of a breach of AVG’s systems or if it’s another case of DNS hijacking.

At the time of writing, the site is restored. However, security expert Graham Cluley has captured a screenshot of the defacement page.

“We are here to deliver two messages. First one: we want to tell you that there is a land called Palestine on the earth. This land has been stolen by Zionist. Do you know it? Palestinian people has the right to live in peace. Deserve to liberate their land and release all prisoners from Israeli jails. We want peace. Long live Palestine,” the hackers wrote on the defaced site.

They added, “Second message: There Is No Full Security. We Can Catch You! Hacked by KDMS team. Now We Will Quit Hacking.”

Interestingly, the part about “we will quit hacking” appears to be true since the group has deleted its Facebook page.

It’s uncertain how the hackers pulled this off. We’ve reached out to AVG in hopes that they can provide some clarifications. This article will be updated in case we hear from them, or if they publish a statement.

KDMS Team is the same group that claimed to have hacked LeaseWeb over the weekend. The hackers say they’ve stolen data from the web hosting company’s systems, but they haven’t provided any evidence to back their allegations.

LeaseWeb representatives said the attack was the result of a DNS hijack. It’s possible that a DNS poisoning attack is behind the AVG website defacement as well, but we’ll probably find out for sure once AVG comes forward with a statement.

Update. Experts have confirmed that this is a case of DNS hijacking. It appears that avg.com is not the only domain affected. Avira and WhatsApp websites have also been defaced in the same manner.

The visitors of these sites see the real site or the defacement page depending on what DNS they're using.

Also, the hackers have clarified that their Facebook page was actually deleted by Facebook.

Update 2. All of the impacted domains are registered through Network Solutions. It's possible that the hackers breached the systems of Network Solutions.

Kaspersky's Aleks Gostev says Avira's email is also affected. We can confirm this since the emails we've attempted to send to Avira have bounced back.

“It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider ‘Network Solutions’,” Avira Security Expert and Product Manager Sorin Mustaca said in a mailed statement.

According to Mustaca, the DNS records of the impacted websites have been changed to point to arbitrary domains.

“It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira,” the expert explained.

“Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.”

Avira reassures customers that their internal networks have not been compromised. Until all DNS entries are back in their possession, the company has shut down all external services.

“We are working with the ISP to receive control on the domain name and only when we have solved the problem we will restore the access to the Avira services. At this point we are not aware of any effect to our customers,” Mustaca concluded.

While this statement comes only from Avira, the scenario is most likely the same for all the impacted companies.

Additional details will probably be provided by Network Solutions in the upcoming hours. Stay tuned to find out more.


Source And Source

Link to comment
Share on other sites


  • Replies 17
  • Views 1.8k
  • Created
  • Last Reply

Top Posters In This Topic

  • Tweety.Abd

    2

  • Matsuda

    2

  • ramiz0

    2

  • STEEL

    2

Top Posters In This Topic

plaestenian... (are they from outer space?)

nope ,they are Arab though Palestine inst declared as state for many reasons were not going through because its off topic

Link to comment
Share on other sites


:rant: :rant: :rant:

Edited by STEEL
Link to comment
Share on other sites


This is really bad now what will these antiviruses companies will do?

And what about those who are using there antivirus or products?

Link to comment
Share on other sites


So funny :D . They promised, they offered and they delivered protection to customers but they are so WEAK to protect themselves.

Link to comment
Share on other sites


Another screenshot from my browser :)

FkG0lBm.png

Link to comment
Share on other sites


So funny :D . They promised, they offered and they delivered protection to customers but they are so WEAK to protect themselves.

:o :D

Link to comment
Share on other sites


So funny :D . They promised, they offered and they delivered protection to customers but they are so WEAK to protect themselves.

I know right! How are Avira be expected to protect their users if it can't even protect itself?

Edited by Tweety.Abd
Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...