AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists


There’s been a spate of these type of attacks this year, it seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages.

DNS security has been overlooked for a long time, with most companies not using DNSSEC or any real protective measures. With DNS being such a critical service, this is rather worrying, as a tainted DNS record enables a hacker to take over an entire domain.

The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites.

A team of hacktivists calling themselves KDMS have claimed credit for the hacks.

Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to anti-malware downloads.

“It’s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant. “It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.”

It seems all 3 companies used Network Solutions as their DNS provider, so the flaw clearly lay there – what exactly happened hasn’t been disclosed (and honestly is unlikely to be disclosed).

The bad thing about DNS as well, is it takes time to change and propagate. So those people using ISPs that have aggressive DNS caching, might be seeing the hacked sites for quite some time.


Security experts were quick to discover that all three victims use hosting biz Network Solutions as their DNS provider. Hackers may have exploited security shortcomings at Network Solutions to alter DNS records and so gain control of their targets’ domains.

The KDMS team claims an affiliation with Anonymous Palestine. The same group pulled off a similar DNS hijack / redirection attack against the website of hosting firm leaseweb.com over the weekend.

LeaseWeb’s statement on the attack can be found here.

Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause. The hosting firm is seeking to play down the significance of the attack, which it characterises as regrettable but superficial and quickly resolved.

You can also read more and see a screenshot of the hack at Graham Cluley’s blog here:

AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

Let’s see if we see any more of these kind of attacks soon.

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


Comments are closed.