Security → AVG, Avira, Alexa, Whatsapp hacked

Palestinian hacker group called KDMS Team has hit all 4 sites
»www.theepochtimes.com/n3 ··· g-group/

quote:

---

“The DNS records of various websites, including those of Avira.com, were changed to point to other domains that do not belong to Avira,” said the company in a statement. ”It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira.”

“Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers. Our internal network has not has not been compromised in any way. As a measure of security we have shut down all exterior services until we have all DNS entries in our possession again.”

---

--
Gladiator Security Forum

I wonder if their DNS server's password was "password," "qwerty" or "abc123."

So, is that why I couldn't reach Avira support forum today? I assumed it was because Avira had already killed the forum as they have said they will "soon" because they have that new support system.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

The password could have been qjNCnFyBpCxCmD0qWPkrzwbNbFamU6QDEgw3gkAHMlHl4cEOG5tMaRvngaqbduV
but it didn't matter, the hack was on Network Solutions password reset policy.

”It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira.”
oops

It's death is immanent... but the forums are still accessible.
Have you seen or even tried out Aviras new support system? I much prefer the old style forums. Symantec has already made a very similar switch by creating a new more up to date support system and choosing to hide away links to their older support forums. You can still find the community forums via their site map. I don't like it one bit. However, for the moment, Symantec does not intend to close their regular support forums.
--
"Graffiti Wall" Dustyn's Wall »[Tech] RIP

In related news:
Critical WhatsApp crypto flaw threatens user privacy, researchers warn
»arstechnica.com/security ··· rs-warn/

I looked at the new support system. I didn't like it.

I'm glad the forum is still there (for now) as I want to download some IMs. I don't recall seeing any IM section in their new support system.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

avast! Blog:

quote:

---

We can confirm that there was also a hacker attempt against the AVAST site -- we assume from the same group -- but we took immediate steps and therefore were able to contain it.

---

--
Gladiator Security Forum

The blog being titled:
Attempted hack against AVAST
Leads me to believe the hack was only attempted but not successful.
But then Avast says:
"We can confirm that there was also a hacker attempt against the AVAST site – we assume from the same group – but we took immediate steps and therefore were able to contain it.

Contain it??
Contain what?
You don't contain attempts, you contain damage by taking back control of hacked servers.

But then further in the Avast blog they say:
"“We ourselves received a notification from Network Solutions saying our email had been changed. We knew we had not requested that so we immediately took action and changed our passwords, which protected us,” said Vincent Steckler, AVAST CEO"

That leads me to believe that the site wasn't hacked - just that an Avast "email" had it's password changed & it was simply a matter of taking back control of the "email" (whatever the fcuk "email" is supposed to mean).

IMO, from their wording, Avast servers got hacked & their trying to BS otherwise.

No, hackers just took advantage of weak Network Solution password reset policy.
Nothing to do with Avast...

I am still leaning to network solutions had a poor policy. Then avast just reset their stuff so any issues with network solutions didnt follow to them.

If it was Network Solutions "poor policy" then why the heck didn't the AV companies notice this and demand that it be fixed before something like this happened? Bungling idiots is how the AV vendors appear. It doesn't instill confidence that one should install and use their AVs.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

'Poor policy' means bugged reset policy. So companies using their service could not knowing it. See here for more details: »www.pcworld.com/article/ ··· ack.html

The article is wrong -- the websites weren't hacked, people attempting to reach them were directed to other sites. .... @#@%$^@$%^@# technically illiterate reporters ....

Or nothing/empty.

... Is this hack related to why I am getting many WhatsApp's voice mail spam e-mails lately?

Thank you in advance.

From the Avast explanation I would believe that the e-mail address used to administer their Network Solutions account had been changed and an e-mail was sent to the old address with that information, along with a "do this" if you did not initiate this change. Avast paid attention to said e-mail and took the necessary steps required to prevent their DNS records from being hijacked and pointed to non-Avast servers, others it seems, were not as diligent/fortunate.

This was not a hack against Avast directly it was an attempt to use Network Solutions procedures to change the DNS records. Obviously the Network Solutions procedures need to be re-evaluated and most likely updated to prevent similar attacks in the future.
--
"Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." - Robert A. Heinlein