:frowning: :o

Avira official website seems hacked
official where? ..... avast.com works fine here

Pondus, he says Avira not Avast :stuck_out_tongue:

Here is what happened: an Egyptian hacker found a tiny little XSS hole and “wormed” through it to hack Avira: http://thehackernews.com/2013/04/minor-flaw-allows-hacker-to-hijack_12.html
This time it was XSS flaws (not enough input/output validation performed, or not enough server hardening).

The next enormous wave of hacked sites will be because of evil DNS manipulation
(C&C via TOR), reporting an example with two different AS MX here: http://forum.avast.com/index.php?topic=136266.0
Believe me folks this is going to be a new trend.

Van Wallenstein warned against three forms of DNS hijacking:

  1. DNS-cache poisoning, as Dan Kaminsky opened our eyes to this form of attack and the DNS-weakness involved (via recursor abuse for instance).
  2. Then the authoritative nameserver can be hijacked with a worldwide effect as DNS records are being altered. Access Control Lists and Extra Strong Passwords are the defense against this form of attack. Staff should be trained not to fall for so-called social engineering tactics.
  3. The worst attack is changing the domain registration at the registrar’s. If the cache cannot be emptied in time the attack can go on for hours or days even because of the TTL as a DNS server cache lasts for 86.400 sec as a rule. Protection according to Brenton Van Dyn is to preferably have the control over the nameservers inside the organization - in-house (attack 1-3).
    Types of DNS manipulation info I got thanks to an article by Steve Ragan (credits - Steve Ragan).

Conclusion: avast! team should already be aware of this and put up internal team training to avoid such situations.

polonus

aha …yea… hmmm :slight_smile:

well avira.com sure displays that pic, urlQuery report: http://urlquery.net/report.php?id=6452449

Who cares about Avira official website has been hacked and it’s their bloody problem, I only worry about Avast if this does happen and I’m sure they won’t because our guys are far too smart for Avira ;D

Would like to hear Omid's reaction.
Far too much excessive header info spread to the world and hackers:
Hack via htxp://avira.com/404testpage4525d2fdc -now I get: [8-October-2013 9:15:10] PHP Fatal error: File not found
System Details:
Running on: Apache/2.2.24
System info: (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635

polonus

I just hope avast administrators tighten up their server security more.
Don’t let hackers invade avast servers.

Hi NON,

As you see from this scan, some insecurity still exists: https://asafaweb.com/Scan?Url=http://forum.avast.com/index.php
Excessive header warning was thwarted by using Avast Website Server - a non-existing server…

2 cookies are being set without the “HttpOnly” flag being set (name : value):

polonus
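An added example, not part of the original posts and not the code of any scanner mentioned in the thread: a small offline audit for the two findings discussed above, version-revealing banner headers and cookies set without `HttpOnly`. The `Server` banner is the one quoted in the thread; the `X-Powered-By` value, the cookie names and values, and the function names are constructed for illustration.

```python
import re

# Constructed sample response head. Only the Server banner comes from the thread;
# X-Powered-By and the cookies are made-up values.
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips "
    "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635\r\n"
    "X-Powered-By: PHP/5.3.27\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; Secure\r\n"
    "\r\n"
)

BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
# product/version tokens such as "mod_ssl/2.2.24" or "OpenSSL/1.0.0-fips"
VERSIONED = re.compile(r"([A-Za-z][\w.\-]*)/(\d[\w.\-]*)")

def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List disclosed product/version tokens and cookies lacking HttpOnly."""
    findings = {"disclosed": [], "cookies_missing_httponly": []}
    for name, value in parse_headers(raw):
        if name in BANNER_HEADERS:
            findings["disclosed"] += [f"{p}/{v}" for p, v in VERSIONED.findall(value)]
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            if "httponly" not in attrs:
                findings["cookies_missing_httponly"].append(parts[0].split("=", 1)[0])
    return findings

if __name__ == "__main__":
    for kind, items in audit(SAMPLE_RESPONSE).items():
        print(kind, items)
```

A banner reduced to a bare product name (for example `Server: Apache`) produces no `disclosed` entries, which is the state the audit is looking for.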

AVG was hacked as well

And don't forget Whatsapp

They got hacked too.

I can also confirm that there was a hacker attempt against our site (avast.com) earlier today (probably by the same group) but it was thankfully contained.

Cheers,
Vlk

I hope you are well protected down there in Prague. :wink:

Kaspersky gets attacked almost every day.

Avira's website is still down at the moment; they attacked the DNS servers, not Avira directly, by the way.

Well, they need to operate their DNS servers, that’s all I can say… The fact that they don’t isn’t a very good excuse. :slight_smile:

That's now their problem. :slight_smile:

Glad to hear avast servers are protected well, it’s excellent :wink:

Good job avast team…

AVG, Avira and WhatsApp use the same DNS provider and it was hijacked :slight_smile:

http://thehackernews.com/2013/10/whatsapp-and-avg-antivirus-firm.html

Hi Omid Farhang,

So in the end it was a DNS hijack attack as Avira now has confirmed to have taken place:
http://techblog.avira.com/2013/10/08/major-dns-hijacking-affecting-major-websites-including-avira-com/en/
My advice to Avira and avast! as well is to have their own name servers inside their very organizations,
so they can be better validated and controlled.
As was predicted by me higher up in this thread, there will be an enormous surge in DNS-related attacks in the foreseeable future.
Let this not fall on deaf ears! So please avast! team be prepared!
But I think Vlk has confirmed they are prepared to meet any such situation.

polonus

Avira is now back online.

Here we find avast’s side of the story as related by Deborah Salimi
how Vince Steckler’s (AVAST CEO) attentiveness saved avast’s day:
https://blog.avast.com/2013/10/09/attempted-hack-against-avast/
On Passive DNS Hardening read: https://archive.farsightsecurity.com/Passive_DNS/passive_dns_hardening_handout.pdf
article author = Robert Edmonds, Internet Systems Consortium, Inc.

polonus