Google Search Malaysia Website Redirects, DNS Hijacked

Google Search Malaysia domain has been hijacked at about 11pm, 10 October(Malaysia time). The method, commonly known as DNS Hijacking, basically redirects visitors to google.com.my to a totally different site. The hackers who claimed responsibility calls themself 1337.

In the “geeks” world, 1337 is short for “elite” or “leet”, which they are basically claiming themself to be the “Gods of the internet”.

The hijacked Google Malaysia domain currently displays the following:

[!] Struck by 1337
[Google Logo]

Google Malaysia STAMPED by PAKISTANI LEETS

We are TeaM MADLEETS

H4x0r HuSY – KhantastiC HaXor – H4x0rL1f3 – InvectuS – Shadow008 – r00x – Don – MindCracker – Dr.Z0mbie – phpBuGz – MaD GirL
MaDCoDe – Sn!p3r_GS – DeXter – Neo Haxor – Darksnipper – Pain006 – b0x – R3DL0F – Sahrawi – 3thicaln00b – Hmei7 – MakMan – Sniffer – AL.MaX HaCkEr – Ch3rn0by1

=======================
www.MaDLeeTs.com
| [email protected] |
=======================

Pakistan Zindabad

At the moment, not all Google Malaysia search users are affected. It appears that only http://www.google.com.my/ is redirected while some people may be able to access the search engine using using SSL at https://www.google.com.my/.

The Google Malaysia domain is currently pointing to the IP- 142.4.211.228 which is located in Canada. The IP has 2 DNS servers which are:

  • b0x3.madleets.com
  • b0x4.madleets.com

The hijacked Google Malaysia domain appears to be registered via Integricity Corporation Sdn. Bhd. a known web hosting company located in PJ, Selangor, Malaysia and hosted with OVH Hosting, Inc., located in France. However the hack may have nothing to do with Integricity Corporation or OVH Hosting.

The domain madleets.com are believed to be owned by the hackers, however the site is protected by Cloudflare.

Below is a trace to Google Search Malaysia(www.google.com.my) website from a local ISP:

The correct IP that www.google.com.my should be pointing to is- 173.194.38.159 or any similar IPs that are directly registered to Google. This is probably the second time Google Malaysia is hacked this year where the 1st one took place about 2-months ago.

The 1337 group of hackers are known to target second-level domain (SLD) all around the world that belongs to Microsoft, Google, Canon, Toshiba, Samsung, IBM, Fujitsu, Volvo, among the few.

At the point of writing, Mazda Malaysia webiste(mazda.my) has been hijacked as well.

DNS records work like a telephone book, converting human-readable website names like google.com or google.com.my into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered google.com.my into your browser you were instead taken to a website that wasn’t under the legitimate company’s control.

Considering that the Google Malaysia office is focused at sales & marketing, and do not have direct control over the domain, it remains unclear on when the search site will be restored.

[Update 1, 6am]: It appears that google.com.my is registered via Integricity Corporation Sdn. Bhd and they have managed to resolve the issue. However the update might take up to 48 hours for the DNS to resolve.

Leave a Reply