Friday, February 15, 2013
TiGER-M@TE hacked Malwai Google, Yahoo, MSN, Windows
Deface Page:
Famous Bangladeshi hacker TiGER-M@TE known for his big defacements strikes again! This time he teams up with another hacker 'h311 c0d3' for another big defacement campaign.The hacker managed to hack into Malawi (.mw) Domain Registrar website and also target Master and Slave DNS servers.
The attackers changed the authoritative DNS records for the affected domains, to point the domain names to their own web server with a deface page hosted on it.
It’s not clear how this attack was carried out, but it may have involved compromising the system operated by the Moroccan Top Level Domain Registrar (MaTLD).
Hackers are continuously attacking on domain registrars of a country and redirect domains to a hosted deface page. We have reported about these kind of DNS attacks. Pakbugs also hijack domains with the same DNS attack of different countries by hacking Uganda, Morocco and Pakistani NIC.
Hacked Domains with Mirrors by TiGER-M@TE:
http://msn.mw
http://www.zone-h.com/mirror/id/19294618
http://www.google.co.mw
http://www.zone-h.com/mirror/id/19294503
http://www.google.mw
http://www.zone-h.com/mirror/id/19294486
http://fanta.mw
http://www.zone-h.com/mirror/id/19294032
http://yahoo.mw
http://www.zone-h.com/mirror/id/19293896
Hacked Domains with Mirrors by h311 c0d3:
http://gmail.com.mw
http://www.zone-h.com/mirror/id/19295499
http://www.google.com.mw
http://www.zone-h.com/mirror/id/19293364
http://kaspersky.mw
http://www.zone-h.com/mirror/id/19294931
http://windows.mw
http://www.zone-h.com/mirror/id/19294984
http://images.google.com.mw
http://www.zone-h.com/mirror/id/19293263
http://translate.google.com.mw
http://www.zone-h.com/mirror/id/19293526
http://msn.com.mw
http://www.zone-h.com/mirror/id/19293527
DNS is the system that converts website names into an IP address of the server hosting the website. A DNS poisoning attack tampers the valid list with fake records causing domain names to resolve to incorrect IP addresses.
Why deface one website, when you can just hack the server that holds the IP address to the victim’s site? So, if you can hack the Domain Name System registrar that holds the records for an entire country, you can change any of the servers that you like to point to any website that you want.
These attacks can be much worse, if the hacktivists are a more malicious group. Like Nation State hackers, for example, who want to infect groups of systems from a target nation. Or gather pertinent credentials from users who think they are on a legitimate website, and not a spoofed one reached via Domain Name System manipulation. Imagine, how many accounts can be compromised if the websites are redirected to a Phishing page, instead of a defaced page.
At the time of reporting, Domain Registrar fix the DNS server records and all affected domains are pointed back to original servers.
Categories : Defacements , DNS Poisoning Attack , h311 c0d3 , Hacking News , Malwai Google , TiGER-MaTE
About Author:
Nauman Ashraf is a security researcher, developer and blogger. He is Founder and Chief Editor of The Hackers Post. Follow him on
Twitter
0 Responses to “ TiGER-M@TE hacked Malwai Google, Yahoo, MSN, Windows ”
Post a Comment