AVG, Avira and WhatsApp pwned by hacktivists' DNS hijack

The websites of freebie antivirus vendors AVG and Avira as well as mobile messaging service WhatsApp appear to have been hit by a DNS redirection attack today which sent users to pro-Palestinian websites. A team of hacktivists calling themselves KDMS have claimed credit for the hacks. Visitors to were greeted by a …


This topic is closed for new posts.
  1. Anonymous Coward

    Leaseweb denied earlier reports that a vulnerability in its WHMCS billing and support system software might have been responsible for the hijack, but without naming a cause

    Except they have clearly identified the "cause".

    Right now, it appears that the hijackers obtained the domain administrator password and used that information to access the registrar.

    So the 'hackers' used compromised account details to log into the domain registrar and change the DNS records.

    What they haven't identified is how the attackers managed to obtain the password for the domain admin account.

    1. BillG

      Avira Skeptic

      Personally I wouldn't trust Avira's flat denial that there is no damage. Avira isn't known for being straightforward with their customers about technical problems.

      Remember, this is a company that serves popup banners and forces installation of toolbars in PAID versions of their antivirus products.

  2. AJ MacLeod

    Ah, this explains why I was having difficulty updating / downloading a new copy of AVG on a machine earlier... it was the only PC there and riddled with junk but even after cleaning up everything obvious the AVG site would only occasionally load whilst every other site I tried, even anti-virus related, seemed fine. I had thought there might still be some kind of trojan lurking on the machine but obviously the answer lay elsewhere...

  3. Anonymous Coward

    Cluley should know better

    >It’s clearly embarrassing for a security company to be hit in this fashion by hackers....

    If it's a DNS redirection then there is no need for embarrassment, nor has there been defacement, so any image claiming to show so is misleading.

  4. Anonymous Coward

    Got rid of AVG yonks ago

    Bloatware, in-your-face advertising and a very nasty propensity for forcing irrelevant, unwanted and unnecessary third party toolbars on you (Scumbag Ask toolbar, if I recall the last time I had anything to do with them).

    Hey, guys; how does it feel to be spaffed with something you didn't want and would rather get rid of? Now stop doing it yourselves.

    1. Anonymous Coward

      Re: Got rid of AVG yonks ago

      I've been using AVG for yonks and have never had anything forced on me, third party toolbars, advertising or otherwise. Maybe you should turn off auto-updates and go through the manual setup options correctly instead of just clicking on next. But why bother with that when a rant to assuage your incompetence will do just as well.

  5. 02X7Cm

    Who's the provider that got pwned?

    Avira said it's "Network Solutions". Can I assume WhatsApp and AVG use them as well, or another DNS/domain provider?

    It would be nice to know so we can avoid using them, and yes I somewhat agree with the sentiment that the only ones that should be shamed here are the guys behind the major service providers, so please, do us all a favour and reveal them.

    1. Nate Amsden

      Re: Who's the provider that got pwned?

      WHOIS has that information for you

      Domain Name: WHATSAPP.COM

      Registrar: NETWORK SOLUTIONS, LLC.

      Domain Name: AVG.COM

      Registrar: NETWORK SOLUTIONS, LLC.

  6. John Smith 19

    *What* bloatware toolbars?

    People who are lusers not IT aware load them and then wonder why their browser window has shrunk as half their window space is taken over by this crap.

    As for the AV providers I'd say it's their suppliers who should do the "walk of shame."

    Their suppliers should give them a discount (and find and fix their security hole).

    Because if they don't they should definitely leave the supplier.

  7. asdf

    so far so good

    Sweet, the topic has stayed technical and not turned into an Israel vs whoever flame fest like usually happens on here. Oh wait, did I just start something lol?

    1. Anonymous Coward

      Re: so far so good

      I'm personally surprised that no one has commented on their use of NetSol in the first place.

      Now I do admit that I haven't visited NetSol's site in years (and still refuse to even in the name of fact finding) but last I checked NetSol was still charging ludicrous mark-ups on domain name registrations claiming "superior support" over their competitors as justification of said ludicrous mark-up.

      Yeah. Right.

      If my other half (who is not IT savvy at all) is able to figure out on her own (and with ease) how to register a domain name and then forward said domain name to her blog then I think we can do without NetSol's claimed "superior support" and just go with a more affordable (and reliable) alternative.

      1. gollux

        Re: so far so good

        You baggin' on Notwork Pollutions who keeps spamming me to have a free website built to better my business? Yep, they're still highly automated and deaf as they've always been.
