{"id":3547,"date":"2013-10-10T18:47:41","date_gmt":"2013-10-10T10:47:41","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3547"},"modified":"2015-09-09T19:36:53","modified_gmt":"2015-09-09T11:36:53","slug":"avg-avira-whatsapp-websites-dns-jacked-pro-palestinian-hacktivists","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2013\/10\/avg-avira-whatsapp-websites-dns-jacked-pro-palestinian-hacktivists\/","title":{"rendered":"AVG, Avira and WhatsApp Websites DNS Jacked By Pro-Palestinian Hacktivists"},"content":{"rendered":"
There’s been a spate of these type of attacks this year, it seems like hackers are realizing the target servers and sites are pretty secure – so they are looking for other avenues to deface or spread their political messages.<\/p>\n
DNS security<\/a> has been overlooked for a long time, with most companies not using DNSSEC<\/a> or any real protective measures. With DNS being such a critical service, this is rather worrying, as a tainted DNS record enables a hacker to take over an entire domain.<\/p>\n The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites.<\/p>\n A team of hacktivists calling themselves KDMS have claimed credit for the hacks.<\/p>\n Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to anti-malware downloads.<\/p>\n “It\u2019s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant. “It\u2019s possible that the hackers managed to change the website\u2019s DNS records, redirecting anyone who attempted to visit www.avg.com to a different IP address.”<\/p><\/blockquote>\n