The Latest in IT Security

Romanian Google, Yahoo Users Redirected to Defacement Page

28
Nov
2012

Earlier today, visitors of web pages associated with Google and Yahoo search were instead being redirected to a defacement page.

Preliminary investigation reveals that neither Google, nor Yahoo servers have been hacked or otherwise compromised. Instead, the attackers have somehow changed the authoritative DNS records for the affected domains (which are maintained by registrar RoTLD) to point the domain names to a web server in the Netherlands that also probably got hacked.

This appears to be the same MO as that of the hackers who have poisoned the Pakistani registrar’s database a couple of days ago. However, while the motivation was strictly political – based on the message they left on the defaced page – in Pakistan, the attackers did not provide any clue about the reason they attacked the Romanian services. The troubled state of society in the Middle East has given birth to a number of responses from digital activist groups, that end up attacking popular websites and exposing innocent users as collateral damage

If you have visited the affected websites while they were compromised you are strongly advised to flush your DNS cache by typing ‘ipconfig /flushdns’ in Windows, ‘rndc flushname google.ro’ in Linux or Unix and ‘dscacheutil -flushcache’ in Mac OS X.

Update:

It appears that The Algerian Hacker Group, an organization made of almost 200 different teams of hackers is also targeting DNS systems of other national TLDs, as the Romanian hack is the fourth incident after Ireland, Pakistan and Israel – all incidents that took place in just one month.

Today’s attack managed to poison DNS cache servers of all internet service providers, including the Google DNS (8.8.8.8 and 8.8.4.4) as these ISPs cache the DNS resolution sent by RoTLD to speed up the resolution process when other similar requests are made .

Some ISPs have already flushed their caches, others are still serving rogue resolutions. We are continuously scanning the DNS zones for the Romanian internet and contacting ISPs individually for mitigating the crisis in the shortest time.

Related posts:
  1. Google.ro and other RO domains, victims of a possible DNS hijacking attack
  2. Website Getting Redirected? It Might Have Something To Do With Moneygram-tracking Dot Com
  3. Bogus Bank of America Google Plus page attacks their reputation
  4. Google tells Iranian users to check if their Gmail accounts have been hacked
  5. Yahoo phishing hides in compromised WordPress websites

Tags:  
Written by Bitdefender Labs
0 Comments

Leave a reply


Categories

FRIDAY, APRIL 19, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments