OFFICIAL SECURITY BLOG
October 8, 2013 | BY Joshua Cannell
Reports are surfacing that antivirus companies AVG and Avira have had their websites hacked, along with the website for WhatsApp messenger.
At the time of this writing it seems that only AVG has recovered.
The group responsible for the alleged defacement is a Palestinian hacker group known as “KDMS” team.
The title for the defaced websites is changed to “You Got Pwned,” and the sites list two messages, one of which depicts the land loss of Palestine since 1946.
The second message delivered to visitors is “There is No Full Security, We Can Catch You!” Defaced websites also have a song playing in the background, which is the Palestinian National Anthem (found on youtube here). At the bottom of the page, the KDMS team says they’re going to quit hacking, and has the Anonymous hacking logo.
Many security experts have noticed compromised sites share a common domain registrar – Network Solutions.
Sorin Mustaca from Avira confirms this, stating that “several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider Network Solutions.”
Avira has assured customers that their internal network has not been hacked compromised, and that this is simply a case of DNS hijacking.
We’ll keep you informed if there are any interesting developments in this story. Stay tuned.
Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. He has over 5 years of experience working with US defense intelligence agencies where he analyzed malware and developed defense strategies through reverse engineering techniques. His articles on the Unpacked blog feature the latest news in malware as well as full-length technical analysis. Follow him on Twitter @joshcannell