AVG, Avira and WhatsApp pwned by hacktivists' DNS hijack

The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites. A team of hacktivists calling themselves KDMS have claimed credit for the hacks. Visitors to avg.com were greeted by a …

COMMENTS

This topic is closed for new posts.
Silver badge

>Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause

Except they have clearly identified the "cause".

>Right now, it appears that the hijackers obtained the domain administrator password and used that information to access the registrar.

So the 'hackers' used compromised account details to log into the domain registrar and change the DNS records.

What they haven't identified is how the attackers managed to obtain the password for the domain admin account.

2
0
Bronze badge
Big Brother

Avira Skeptic

Personally I wouldn't trust Avira's flat denial that there is no damage. Avira isn't known for being straightforward with their customers about technical problems.

Remember, this is a company that serves popup banners and forces installation of toolbars in PAID versions of their antivirus products.

3
0

Ah, this explains why I was having difficulty updating / downloading a new copy of AVG on a machine earlier... it was the only PC there and riddled with junk but even after cleaning up everything obvious the AVG site would only occasionally load whilst every other site I tried, even anti-virus related, seemed fine. I had thought there might still be some kind of trojan lurking on the machine but obviously the answer lay elsewhere...

1
0
Silver badge
Thumb Down

Cluley should know better

>It’s clearly embarrassing for a security company to be hit in this fashion by hackers....

If it's a DNS redirection then there is no need for embarrassment nor has there been defacement so any image claiming to show so is misleading.

2
0
Anonymous Coward

Got rid of AVG yonks ago

Bloatware, in-your-face advertising and a very nasty propensity for forcing irrelevant, unwanted and unnecessary third party toolbars on you (Scumbag Ask toolbar, if I recall the last time I had anything to do with them).

Hey, guys; how does it feel to be spaffed with something you didn't want and would rather get rid of? Now stop doing it yourselves.

3
5
Silver badge

Re: Got rid of AVG yonks ago

I've been using AVG for yonks and have never had anything forced on me, third party toolbars, advertising or otherwise. Maybe you should turn off auto-updates and go through the manual setup options correctly instead of just clicking on next. But why bother with that when a rant to assuage your incompetence will do just as well?

11
1

Who's the provider that got pwned?

Avira said it's "Network Solutions". Can I assume WhatsApp and AVG use them as well, or another DNS/domain provider?

It would be nice to know so we can avoid using them, and yes I somewhat agree with the sentiment that the only ones that should be shamed here are the guys behind the major service providers, so please, do us all a favour and reveal them.

1
0
Bronze badge

Re: Who's the provider that got pwned?

WHOIS has that information for you

Domain Name: WHATSAPP.COM

Registrar: NETWORK SOLUTIONS, LLC.

Domain Name: AVG.COM

Registrar: NETWORK SOLUTIONS, LLC.

0
0
Gold badge
WTF?

*What* bloatware toolbars?

People who are lusers not IT aware load them and then wonder why their browser window has shrunk as half their window space is taken over by this crap.

As for the AV providers I'd say it's their suppliers who should do the "walk of shame."

Their suppliers should give them a discount (and find and fix their security hole).

Because if they don't they should definitely leave the supplier.

2
0
Silver badge

so far so good

Sweet, the topic has stayed technical and not turned into an Israel vs whoever flame fest like usually happens on here. Oh wait, did I just start something lol?

0
0

Re: so far so good

I'm personally surprised that no one has commented on their use of NetSol in the first place.

Now I do admit that I haven't visited NetSol's site in years (and still refuse to even in the name of fact finding) but last I checked NetSol was still charging ludicrous mark-ups on domain name registrations claiming "superior support" over their competitors as justification of said ludicrous mark-up.

Yeah. Right.

If my other half (who is not IT savvy at all) is able to figure out on her own (and with ease) how to register a domain name and then forward said domain name to her blog then I think we can do without NetSol's claimed "superior support" and just go with a more affordable (and reliable) alternative.

0
0

Re: so far so good

You baggin' on Notwork Pollutions who keeps spamming me to have a free website built to better my business? Yep, they're still highly automated and deaf as they've always been.

1
0