Friday, February 15, 2013

TiGER-M@TE hacked Malawi Google, Yahoo, MSN, Windows

  • Nauman Ashraf
  • TiGER-M@TE and h311 c0d3 strike again with a DNS poisoning attack targeting the Malawi domains of top tech organizations: Google, Yahoo, MSN, Windows, Kaspersky and others.

    Famous Bangladeshi hacker TiGER-M@TE, known for his big defacements, strikes again! This time he teams up with another hacker, 'h311 c0d3', for another big defacement campaign. The hackers managed to break into the Malawi (.mw) Domain Registrar website and also targeted the master and slave DNS servers.

    The attackers changed the authoritative DNS records for the affected domains, to point the domain names to their own web server with a deface page hosted on it.

    It’s not clear how this attack was carried out, but it may have involved compromising the system operated by the Moroccan Top Level Domain Registrar (MaTLD).

    Hackers keep attacking country-level domain registrars and redirecting domains to a hosted deface page. We have reported on these kinds of DNS attacks before. Pakbugs also hijacked domains of different countries with the same DNS attack by hacking the Uganda, Morocco and Pakistani NICs.

    Hacked Domains with Mirrors by TiGER-M@TE:

    http://msn.mw
    http://www.zone-h.com/mirror/id/19294618

    http://www.google.co.mw
    http://www.zone-h.com/mirror/id/19294503

    http://www.google.mw
    http://www.zone-h.com/mirror/id/19294486

    http://fanta.mw
    http://www.zone-h.com/mirror/id/19294032

    http://yahoo.mw
    http://www.zone-h.com/mirror/id/19293896



    Hacked Domains with Mirrors by h311 c0d3:

    http://gmail.com.mw
    http://www.zone-h.com/mirror/id/19295499

    http://www.google.com.mw
    http://www.zone-h.com/mirror/id/19293364

    http://kaspersky.mw
    http://www.zone-h.com/mirror/id/19294931

    http://windows.mw
    http://www.zone-h.com/mirror/id/19294984

    http://images.google.com.mw
    http://www.zone-h.com/mirror/id/19293263

    http://translate.google.com.mw
    http://www.zone-h.com/mirror/id/19293526

    http://msn.com.mw
    http://www.zone-h.com/mirror/id/19293527


    What is DNS poisoning?

    DNS is the system that converts website names into the IP address of the server hosting the website. A DNS poisoning attack replaces valid records with fake ones, causing domain names to resolve to incorrect IP addresses.

    Why deface one website when you can instead hack the server that holds the IP address for the victim's site? If you can hack the Domain Name System registrar that holds the records for an entire country, you can change any of those records to point to any website you want.

    These attacks can be much worse if the attackers are a more malicious group than hacktivists: nation-state hackers, for example, who want to infect groups of systems in a target nation, or gather credentials from users who think they are on a legitimate website and not a spoofed one reached via Domain Name System manipulation. Imagine how many accounts could be compromised if the websites were redirected to a phishing page instead of a defaced page.
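A defender can catch this kind of registrar-level change by comparing the records a domain currently returns against a stored baseline and checking whether several unrelated domains suddenly share one new target, which is the pattern described above. The following is an added example, not code from the original post; the domain names, name servers, addresses and function names are all constructed, and it assumes the observed records were collected separately by your own DNS queries.

```python
from collections import defaultdict

# Constructed sample data (reserved .example names, RFC 5737 addresses), not from the incident.
BASELINE = {
    "search.example": {"ns": {"ns1.search-dns.example"}, "a": {"192.0.2.10"}},
    "mail.example":   {"ns": {"ns1.mail-dns.example"},   "a": {"192.0.2.20"}},
    "av.example":     {"ns": {"ns1.av-dns.example"},     "a": {"198.51.100.5"}},
    "blog.example":   {"ns": {"ns1.blog-dns.example"},   "a": {"198.51.100.9"}},
}
OBSERVED = {
    "search.example": {"ns": {"ns1.rogue.example"},      "a": {"203.0.113.66"}},
    "mail.example":   {"ns": {"ns1.rogue.example"},      "a": {"203.0.113.66"}},
    "av.example":     {"ns": {"ns1.av-dns.example"},     "a": {"203.0.113.66"}},
    "blog.example":   {"ns": {"ns1.blog-dns.example"},   "a": {"198.51.100.9"}},
}

def diff_records(baseline, observed):
    """Return {domain: {rtype: (removed, added)}} for every record set that changed."""
    changes = {}
    for domain, expected in baseline.items():
        seen = observed.get(domain, {})
        for rtype, want in expected.items():
            got = seen.get(rtype, set())
            if got != want:
                changes.setdefault(domain, {})[rtype] = (want - got, got - want)
    return changes

def converging_targets(changes, min_domains=2):
    """Return new NS/A values that several domains switched to at the same time."""
    users = defaultdict(set)
    for domain, per_type in changes.items():
        for rtype, (_removed, added) in per_type.items():
            for value in added:
                users[(rtype, value)].add(domain)
    return {k: sorted(v) for k, v in users.items() if len(v) >= min_domains}

def triage(baseline, observed):
    """Classify each changed domain; a delegation change outranks an address change."""
    changes = diff_records(baseline, observed)
    shared = converging_targets(changes)
    report = {}
    for domain, per_type in changes.items():
        kind = "delegation-changed" if "ns" in per_type else "address-changed"
        mass = any(domain in doms for doms in shared.values())
        report[domain] = (kind, "mass-redirect" if mass else "isolated")
    return report

if __name__ == "__main__":
    print(*sorted(triage(BASELINE, OBSERVED).items()), sep="\n")
```

A "mass-redirect" verdict across domains owned by different organizations points at the registry or its name servers rather than at any single site, so the escalation path is the TLD operator.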


    At the time of reporting, the Domain Registrar had fixed the DNS server records and all affected domains pointed back to their original servers.
