Avira Confirms ISP Hack

Tuesday, October 8, 2013 @ 04:10 PM gHale


Two antivirus firms and one mobile messaging service had their websites attacked by Palestinian hackers of KDSM Team.

The defaced websites include AVG, Avira and WhatsApp. Avira officials confirmed they suffered a DNS hijacking.

RELATED STORIES
Adobe Hacked, Source Code Leaked
Too Small for an Attack? Think Again
2 Teens Busted in Separate DDoS Attacks
Two Busted in Ransomware Plot

“It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider (ISP) ‘Network Solutions’,” Avira Security Expert and Product Manager Sorin Mustaca said.

Mustaca said the DNS records of the websites changed to point to arbitrary domains.

“It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira,” Mustaca said.

“Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers,” he said.

Avira went on to say their internal networks did not suffer compromise. Until all DNS entries are back in their possession, the company has shut down all external services.

“We are working with the ISP to receive control on the domain name and only when we have solved the problem we will restore the access to the Avira services. At this point we are not aware of any effect to our customers,” Mustaca said.



Leave a Reply

You must be logged in to post a comment.