A group of hackers have claimed responsibility into hijacking the websites of AVG, Avira and WhatsApp.
“It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider ‘Network Solutions’,” Avira Security Expert and Product Manager Sorin Mustaca told Softpedia.
Avira reassures customers that their internal networks have not been compromised. Until all DNS entries are back in their possession, the company has shut down all external services.
“We are working with the ISP to receive control on the domain name and only when we have solved the problem we will restore the access to the Avira services. At this point we are not aware of any effect to our customers,” Mustaca concluded.
Visitors to avg.com were greeted by a rendition of the Palestinian national anthem (via an embedded YouTube video) and a message from a pro-Palestinian group calling itself the KDMS Team, instead of the usual security tips and links to free anti-virus downloads.
A spokeswoman for AVG said: “AVG can confirm today that it has had a select number of online properties defaced as a result of our DNS provider being compromised. A number of other companies appear to have been similarly targeted. The situation is being monitored and assessed. Customers are our priority and AVG is working hard to resume normal service levels to its customer base.”
DNS records work like a telephone book, converting human-readable website names like avira.com or avg.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered whatsapp.com into your browser you were instead taken to a website that wasn’t under the legitimate company’s control.
“It’s clearly embarrassing for a security company to be hit in this fashion by hackers, but there is no indication that any customer information or sensitive data has been compromised,” writes Graham Cluley, a veteran of the antivirus industry turned independent security consultant.
The KDMS team claims an affiliation with Anonymous Palestine. The same group pulled off a similar DNS hijack / redirection attack against the website of hosting firm leaseweb.com over the weekend.
At the point of writing, all websites appears to have been restored.
[Source]– Softpedia