It’s shocking to learn that the main websites of AVG Technologies, Avira and WhatsApp have been hacked by KDMS Team, a Palestinian hacker group. Avira’s representatives have confirmed that this was a case of DNS hijacking.
Sorin Mustaca, Avira’s Security Expert and Product Manager, said in a statement that KDMS has affected a lot of websites including Avira’s, but that Avira’s websites themselves were not hacked; rather, their Internet Service Provider, Network Solutions, was attacked by the group. He also said that the DNS details of all the attacked websites have been changed and now point to arbitrary domains. He explained further,
“It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira”.
As a result, the ISP has given a third party control of Avira’s DNS, and the hackers have used the new credentials to make the entries point to their own DNS servers.
However, Avira has reassured all its customers that its internal networks are unaffected and safe, and that it has stopped all external services until the DNS entries are back under its control. Commenting further on the issue, Mustaca stated that the company is working closely with its ISP, Network Solutions, to regain possession of its domain name, and that access to all Avira services will be restored only after that. He concluded by saying that, so far, the company is unaware of any effect of the hacking on any of its customers.
As per the latest update, Kaspersky’s Aleks Gostev said that Avira’s email has also been affected as all emails sent to Avira are bouncing back.
On the other hand, AVG Technologies’ main website, avg.com, has now been restored. The hackers’ second message said,
“There Is No Full Security. We Can Catch You! Hacked by KDMS team. Now We Will Quit Hacking.”
They appear to have followed through on this, as they seem to have deleted their Facebook page after their recent hacking activity. AVG has not yet given any clarification about the cause of the attack.
For your information, this is the same group that hacked LeaseWeb over the weekend, which was also the result of a DNS attack. The hackers say that they stole data belonging to these companies’ websites from their web hosting systems, but they have not provided any proof. It’s quite probable, however, that the hackers entered the systems of the common ISP, as only domains registered under Network Solutions have been affected.
UPDATE: AVG has sent us their official statement:
AVG can confirm today that it has had a select number of online properties defaced as a result of our domain name system (DNS) registrar being compromised. A number of other companies appear to have been faced with a similar issue. The situation is being further monitored and assessed closely. Customers are our priority, the DNS records have been corrected and AVG is working hard to resume normal service levels to its customer base and continue to protect our customers and their privacy.