AVG Website Apparently Hacked by Palestinian Group (Updated)
AVG website defaced by Pakistani hackers of KDSM Team
Enlarge picture The Palestinian hacker group KDSM Team has defaced the main website of AVG Technologies, avg.com. It’s uncertain if the incident is a result of a breach of AVG’s systems or if it’s another case of DNS hijacking.
At the time of writing, the site is restored. However, security expert Graham Cluley has captured a screenshot of the defacement page.
“We are here to deliver two messages. First one: we want to tell you that there is a land called Palestine on the earth. This land has been stolen by Zionist. Do you know it? Palestinian people has the right to live in peace. Deserve to liberate their land and release all prisoners from Israeli jails. We want peace. Long live Palestine,” the hackers wrote on the defaced site.
They added, “Second message: There Is No Full Security. We Can Catch You! Hacked by KDMS team. Now We Will Quit Hacking.”
Interestingly, the part about “we will quit hacking” appears to be true since the group has deleted its Facebook page.
It’s uncertain how the hackers pulled this off. We’ve reached out to AVG in hopes that they can provide some clarifications. This article will be updated in case we hear from them, or if they publish a statement.
KDMS Team is the same group that claimed to have hacked LeaseWeb over the weekend. The hackers say they’ve stolen data from the web hosting company’s systems, but they haven’t provided any evidence to back their allegations.
LeaseWeb representatives said the attack was the result of a DNS hijack. It’s possible that a DNS poisoning attack is behind the AVG website defacement as well, but we’ll probably find out for sure once AVG comes forward with a statement.
Update. Experts have confirmed that this is a case of DNS hijacking. It appears that avg.com is not the only domain affected. Avira and WhatsApp websites have also been defaced in the same manner.
The visitors of these sites see the real site or the defacement page depending on what DNS they're using.
Also, the hackers have clarified that their Facebook page was actually deleted by Facebook.
Source
