AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists


There’s been a spate of these type of attacks this year, it seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages.

DNS security has been overlooked for a long time, with most companies not using DNSSEC or any real protective measures. With DNS being such a critical service, this is rather worrying, as a tainted DNS record enables a hacker to take over an entire domain.

The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites.

A team of hacktivists calling themselves KDMS have claimed credit for the hacks.

Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to anti-malware downloads.

“It’s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant. “It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.”

It seems all 3 companies used Network Solutions as their DNS provider, so the flaw clearly lay there – what exactly happened hasn’t been disclosed (and honestly is unlikely to be disclosed).

The bad thing about DNS as well, is it takes time to change and propagate. So those people using ISPs that have aggressive DNS caching, might be seeing the hacked sites for quite some time.


Security experts were quick to discover that all three victims use hosting biz Network Solutions as their DNS provider. Hackers may have exploited security shortcomings at Network Solutions to alter DNS records and so gain control of their targets’ domains.

The KDMS team claims an affiliation with Anonymous Palestine. The same group pulled off a similar DNS hijack / redirection attack against the website of hosting firm leaseweb.com over the weekend.

LeaseWeb’s statement on the attack can be found here.

Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause. The hosting firm is seeking to play down the significance of the attack, which it characterises as regrettable but superficial and quickly resolved.

You can also read more and see a screenshot of the hack at Graham Cluley’s blog here:

AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

Let’s see if we see any more of these kind of attacks soon.

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.


Comments are closed.