The Latest in IT Security

Avira, AVG and WhatsApp Defaced

08
Oct
2013

If you visited the web sites for Avira, AVG or WhatsApp this morning, you probably saw that they didn’t look like they should. All of them were defaced and looked like this:

02 avira defaced

It is a bit horrifying when you see such big sites, including security sites from major Anti Virus products (like AVG and Avira) getting compromised. But what really happened? Did they really get hacked?

DNS redirection

In a broader sense, they did get hacked, but not through a compromise on their servers or network. It looks like the attackers got access to their domains registration panels at Network Solutions and modified their name servers.

For example, these were the new name servers for Avira:

$ host -t NS avira.com
avira.com name server ns1.radioum.com.br.
avira.com name server n1.ezmail.com.br.
avira.com name server n2.ezmail.com.br.
avira.com name server ns2.radioum.com.br.

And these new names servers were pointing Avira’s IP address to 173.193.136.42, instead of the real IP address. That’s why visitors to the site were greeted with a defacement page.

What causes a bit of suspicion is that all these domains are hosted at Network Solutions, so we have to wait a bit more to see if it was caused by a breach on their end or something else.

Update: Avira posted the following on their tech blog: “It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honoured by the provider. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.” So it doesn’t looks like Netsol was directly hacked, but the attackers found a way to reset the passwords for certain accounts.

Leave a reply


Categories

FRIDAY, NOVEMBER 22, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments