Wednesday, October 9, 2013

AVG, Avira and WhatsApp websites hacked

AVG, Avira and WhatsApp websites hacked by pro-Palestinian hackers


Yesterday, as you probably noticed, the WhatsApp website was defaced. Later, the AVG and Avira websites followed with the same defacement screen.

There are a lot of posts about it, and we decided to write a short one as well, just to highlight that even big companies' websites can get compromised, including those of security vendors (like AVG and Avira). In this case, the DNS redirection was made possible by acquired passwords.

Avira's update


What happened?

The DNS records of various websites, including those of Avira, were changed to point to other domains that do not belong to Avira.

It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request which was honored by the provider. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.

Our internal network has not been compromised in any way. As a measure of security we have shut down all exterior services until we have all DNS entries in our possession again.

Our products were not affected at any point, including the update servers for product and detection updates. These servers are not registered at Network Solutions.

We can assure all our partners and customers that no data of any kind (customer data, source code, etc.) has been stolen during this incident.

No malicious code was delivered to the visitors of the website either by direct download or by drive-by downloads.
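
A defender-side check for the kind of change described in the statement above, where a registrar account was used to repoint DNS entries: compare observed NS and A records against a known-good baseline. This is an added example, not part of the original post or of Avira's statement; the domain, nameserver names and addresses are constructed placeholders, and the snapshots stand in for what a resolver polling job would record.

```python
import ipaddress

# Constructed baseline: the delegation and address ranges the owner expects.
BASELINE = {
    "example.com": {
        "ns": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
        "nets": [ipaddress.ip_network("192.0.2.0/24")],
    },
}

def check_delegation(domain, observed_ns, observed_a, baseline=BASELINE):
    """Return a list of findings for one domain; an empty list means no drift."""
    expected = baseline[domain]
    # DNS names are case-insensitive and may carry a trailing root dot.
    seen_ns = {n.rstrip(".").lower() for n in observed_ns}
    findings = []
    unknown = seen_ns - expected["ns"]
    if not seen_ns:
        findings.append("no NS records returned")
    elif not (seen_ns & expected["ns"]):
        # Every expected nameserver is gone: the whole zone is served elsewhere.
        findings.append("delegation fully replaced: " + ", ".join(sorted(unknown)))
    elif unknown:
        findings.append("unexpected nameserver added: " + ", ".join(sorted(unknown)))
    for addr in observed_a:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in expected["nets"]):
            findings.append(f"A record outside expected ranges: {addr}")
    return findings

# Constructed snapshots (label, NS answers, A answers).
SNAPSHOTS = [
    ("normal", ["NS1.dns-provider.example.", "ns2.dns-provider.example."], ["192.0.2.10"]),
    ("hijacked", ["ns1.other-host.example.", "ns2.other-host.example."], ["198.51.100.7"]),
]

def run():
    return {label: check_delegation("example.com", ns, a) for label, ns, a in SNAPSHOTS}

if __name__ == "__main__":
    for label, findings in run().items():
        print(label, "->", findings or "ok")
```

Run from a network outside the monitored organisation and alert on any non-empty result, since a registrar-level change is visible to outside resolvers before it shows up in internal systems.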