Avira and AVG web sites hacked

Palestinian hacktivists mod the AVG and Avira web sites.

http://betanews.com/2013/10/08/avg-and-avira-hacked-sites-currently-offline/

I saw the Avira web page 45 minutes ago.  Now fixed.


--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Avira and AVG web sites hacked

On 8/10/2013 11:12 PM, David H. Lipman wrote:

Let's hope their software distribution and virus database servers were  
not affected. :)

--  
   @~@   Remain silent. Nothing from soldiers and magicians is real!
  / v \  Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
   ^ ^   (x86_64 Ubuntu 9.10)  Linux 2.6.39.3
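No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):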
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: Avira and AVG web sites hacked



No, it's purely hacktivism.



--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avira and AVG web sites hacked

On Tue, 8 Oct 2013 11:12:00 -0400, "David H. Lipman"
sites hacked:


That's embarrassing.
--  
Web based forums are like subscribing to 10 different newspapers  
and having to visit 10 different news stands to pickup each one.
Email list-server groups and USENET are like having all of those  
newspapers delivered to your door every morning.

Re: Avira and AVG web sites hacked



That's an understatement.  Apparently the self-proclaimed KDMS Team is on a rampage that
has also included Alexa, RedTube and LeaseWeb.



--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avira and AVG web sites hacked

On 9/10/2013 12:31 AM, CRNG wrote:

Turned out it's the fault of the DNS service provider:

"It appears that our account used to manage the DNS records registered
at Network Solutions has received a fake password-reset
request not being initiated by anyone at Avira," the expert
explained.

"Network Solutions appears to have honored this request and allowed a  
3rd party to assume control of our DNS. Using the new credentials the  
cybercriminals have been able to change the entries to point to their  
DNS servers."

<http://news.softpedia.com/news/Avira-Confirms-Network-Solutions-Has-Been-Hacked-389422.shtml>

--  
   @~@   Remain silent. Nothing from soldiers and magicians is real!
  / v \  Simplicity is Beauty! May the Force and farces be with you!
/( _ )\ (Fedora 19 i686)  Linux 3.11.2-201.fc19.i686
   ^ ^   18:57:02 up 3 days 1:59 0 users load average: 0.00 0.01 0.05
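No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):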
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: Avira and AVG web sites hacked

David H. Lipman has written on 10/8/2013 11:12 AM:

The translation of what you see there when you click any link:

Dear Avira users!
moment is subjected to our website maintenance.

We apologize for the inconvenience.
Our services will soon be available again.

Re: Avira and AVG web sites hacked

David H. Lipman wrote:


The article is vague.  They don't really know what happened.  Could be
the web site got hacked, as claimed.  Could be instead the result of DNS
poisoning (theirs or at other nameservers).  I found this:

http://news.softpedia.com/news/Avira-Confirms-Network-Solutions-Has-Been-Hacked-389422.shtml

So it wasn't web site hacking.  It was DNS poisoning.  The common node
is Network Solutions' DNS services.  So it isn't the target sites that
were compromised but of whom they use for nameservers.  So the fault
lies at Network Solutions.  So the article title should be:

  "Improper validation for password reset at Network Solutions leads to  
  DNS poisoning"

How DNS poisoning works
http://www.networkworld.com/news/tech/2008/102008-tech-update.html

Avira, AVG, and other sites were NOT hacked.  Their DNS service provider
fucked up.  The sites have nothing to be embarrassed about.  It wasn't
their fault.  They should announce in their own press releases that
their DNS provider caused the problem, not them.

Once Network Solutions nameservers are cleaned up, it'll be about 4
hours to propagate the cleanup to the rest of the worldwide DNS network
through normal peer updates.  Of course, the companies that got hit
could accelerate the process so it could take less time.  Avira and AVG
are already "repaired" (for me).
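
The change reported in this thread, DNS entries repointed to nameservers the domain owner does not run, shows up from outside as a change in the domain's NS set. The following is an added example, not part of the original post and not Avira's or Network Solutions' tooling: it compares observed NS records with a recorded baseline. All domain and nameserver names, and the function names, are constructed placeholders.

```python
# Added example: compare a domain's observed NS records with a recorded baseline.
# Every domain and nameserver name here is a constructed placeholder.
BASELINE = {"example-av.test": {"ns1.dns-host.test", "ns2.dns-host.test"}}

# Constructed answer-section lines in the form "name TTL class type value".
NORMAL = """\
example-av.test. 3600 IN NS ns1.dns-host.test.
example-av.test. 3600 IN NS NS2.DNS-Host.test.
"""
REPOINTED = """\
example-av.test. 300 IN NS ns1.unknown-host.test.
example-av.test. 300 IN NS ns2.unknown-host.test.
"""
MIXED = """\
example-av.test. 3600 IN NS ns1.dns-host.test.
example-av.test. 300 IN NS ns9.unknown-host.test.
"""

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return name.strip().rstrip(".").lower()

def parse_ns(text):
    """Return {domain: {nameserver, ...}} from answer-section lines."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0].startswith(";"):
            continue  # blank line, comment, or a record shape we do not handle
        owner, _ttl, rclass, rtype, value = parts
        if rclass.upper() == "IN" and rtype.upper() == "NS":
            found.setdefault(norm(owner), set()).add(norm(value))
    return found

def check_delegation(baseline, answers):
    """Map each baseline domain to (status, sorted unexpected nameservers)."""
    observed = parse_ns(answers)
    report = {}
    for domain, expected in baseline.items():
        seen = observed.get(norm(domain), set())
        unexpected = sorted(seen - expected)
        if not seen:
            status = "no-answer"
        elif not unexpected:
            status = "ok"
        elif seen & expected:
            status = "partly-changed"
        else:
            status = "replaced"
        report[domain] = (status, unexpected)
    return report
```

Run on a schedule against answers from several resolvers, a "replaced" or "partly-changed" status is the signal to check the registrar account before visitors notice.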

Re: Avira and AVG web sites hacked



Yes, it looks like it was "DNS Hijacking" or the terminology I like better  
being DNS Poisoning.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Avira and AVG web sites hacked

On Wednesday, October 9, 2013 3:22:27 AM UTC+8, VanguardLH wrote:  


Yes, I am always amazed how people assume hacking means somebody breaks into
your web server root directory.  To my knowledge (and I'm hardly an expert,
but I do have my own web server) the only way that can happen is if somebody
knows your password.  If you keep your password to say 12 digits, with
uppercase and numbers, etc, the chances of somebody cracking your password
is astronomically small.  So really there's "no such thing" as true "hacking"
in the sense of somebody guessing your password and breaking into your
system, without of course a social exploit like getting the secretary to
log you into the system over the phone, etc, etc.

RL

Re: Avira and AVG web sites hacked

On Tue, 8 Oct 2013 23:30:38 -0700 (PDT)


Exploits of software running on the server are also a common vector.

[...]

Re: Avira and AVG web sites hacked




In this case, it may have been a Social Engineering ploy to wrest control of the account  
that controls the DNS for the affected companies targeted by this hacktivism.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Avira and AVG web sites hacked

On Wed, 9 Oct 2013 09:39:55 -0400


Was it a "forgot my password" feature that got leveraged?

Re: Avira and AVG web sites hacked

On Wednesday, October 9, 2013 10:22:01 PM UTC+8, FromTheRafters  

That's how I lost "raylopez99 at yahoo.com" a while ago--some guy used a
now discredited way of resetting your password to lock me out of my own
account.  I did get this email account back however several years later, when
it was unused and recycled (I jumped back in once it became available).

I wonder if I'll start getting all kinds of spam now that I posted my email
online.  Do they still have web crawlers that check emails for the "at"
symbol?  Better safe than sorry, I'll change it to "at".

RL

Re: Avira and AVG web sites hacked



Avira blogged something to that effect.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Avira and AVG web sites hacked

+ User FidoNet address: 1:3634/12
 On Tue, 08 Oct 2013, RayLopez99 wrote to All:

 R> Yes, I am always amazed how people assume hacking means somebody
 R> breaks into your web server root directory.

getting into the root directory of the web server is not the only way... one
can get in thru any subdirectories in the web tree if there are vulnerabilities
elsewhere...

 R> To my knowledge (and I'm hardly an expert, but I do have my own  
 R> web server) the only way that can happen is if somebody knows  
 R> your password.

it is not the only way... consider the recent problems with certain CMSes that
had an addon for an additional package that had a security hole in it... many
sites were infiltrated via this method... no password needed at all... it was
simply uploading a script file and then calling it via the web site which then
allowed them to do what they wanted...

the specific problem was twofold...

  1. files that should have been disallowed were allowed
  2. the location of the uploaded files was known

since the location was known, they only needed, as mentioned above, to load it
in their browser...

 R> If you keep your password to say 12 digits, with uppercase and  
 R> numbers, etc, the chances of somebody cracking your password is  
 R> astronomically small.

have you heard of "rainbow tables" ;)

 R> So really there's "no such thing" as true "hacking" in the sense of  
 R> somebody guessing your password and breaking into your system,  
 R> without of course a social exploit like getting the secretary to  
 R> log you into the system over the phone, etc, etc.

hacking never was password guessing/cracking... hacking used to be an honorable
task to regain control over systems... most notably those where admins changed
the passwords and/or security when they were leaving the job for some reason OR
someone made a (bad) mistake which was not discovered until they had signed out
of the machine or network... since no one knew how to get back in, there were
only two choices... hacking or reloading from bare metal... losing the data
was more costly than paying someone knowledgeable to hack their way into the
system... today, hacking still has its good side but it is overshadowed by the
dark side as well as the monumental misuse of the term from its original
meaning...

)\/(ark
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA)        +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
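
The two conditions listed in the post above (file types that should have been disallowed were accepted, and the upload location was known) correspond to two checks in an upload handler. The following is an added example, not part of the original post and not any CMS's own code; the allowlist, the function names and the assumption that `storage_dir` lies outside the web root are illustrative.

```python
import os
import secrets
import tempfile

# Allowed extension -> bytes the file content must start with.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}

def rejection_reason(client_name, data):
    """Return why an upload is refused, or None if it may be stored."""
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    stem, ext = os.path.splitext(base)
    if ext not in ALLOWED:
        return "extension not on allowlist"
    if "." in stem:
        return "more than one extension"
    if not data.startswith(ALLOWED[ext]):
        return "content does not match extension"
    return None

def store_upload(client_name, data, storage_dir):
    """Store a validated upload under a random name and return that name."""
    # Assumption: storage_dir is outside the web root, so a stored file is
    # reachable only through application code that looks the name up.
    reason = rejection_reason(client_name, data)
    if reason:
        raise ValueError(reason)
    ext = os.path.splitext(client_name.lower())[1]
    stored = secrets.token_hex(16) + ext  # client-chosen name is discarded
    path = os.path.join(storage_dir, stored)
    # O_EXCL refuses to overwrite; mode 0o640 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return stored

def demo():
    """Store one constructed PNG header; return (name_kept, file_exists)."""
    sample = ALLOWED[".png"] + b"constructed sample bytes"
    with tempfile.TemporaryDirectory() as storage:
        stored = store_upload("logo.png", sample, storage)
        return stored == "logo.png", os.path.exists(os.path.join(storage, stored))
```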
