The Google Malaysia website (google.com.my) was hacked by the Madleets hackers, formally called “Team Madleets.”
The online attack on Google.com.my, which saw the search engine’s main page defaced with the words "Google Malaysia STAMPED by PAKISTANI LEETS," took place at about 4 am this morning.
The hackers used a "DNS poisoning attack" for this. DNS poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
One of the reasons DNS poisoning is so dangerous is that it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China’s national borders, censoring the Internet in the USA until the problem was fixed.
This is the second time this has happened to .my domains; the first attack, on July 3, was carried out by Bangladeshi hackers.
It is not currently known how many .my websites have been affected by the attack. MyNIC, the registry for the .my domain, posted the following on its website:
"We can confirm there was unauthorised redirection of www.google.com.my and www.google.my to another IP address by a group which called themselves TeaM MADLEETS.
The problem was alerted in the early morning and MYNIC Computer Security Incident Response Team (CSIRT) immediately started to resolve the issue. The domain name www.google.com.my has been restored to their correct information at 7.10 am today and www.google.my is still resolving.
At the moment, we are undertaking all necessary measures to monitor the situation and prevent further related issues."
Google Malaysia issued a statement regarding this incident:
“For a short period, some users visiting google.com.my were redirected to a different website; Google services for the google.com.my domain were not hacked. We've been in contact with the organisation responsible for managing this domain name and the issue should be resolved.”
Google Malaysia's domain is hosted with Integricity Technology, which said the following on its site regarding this:
Just after midnight on October 2013, our FatServers operations centre was notified of an unauthorised update to one of the domains under our care – google.com.my.
We immediately tried to log into the MYNIC reseller system to check on the status, but were unable to do so. The DNS servers for this domain have been modified and this has caused the URL to be pointed to a page that shows the site has been hacked.
The hackers claim to be TeaM MADLEETS from Pakistan.
11 Oct 2013, 4.07am (GMT+8)
We have just received a call from MYNIC to inform us that their technical team has now been alerted and is working to identify the source of the issue and rectify the problem. We will be contacted when they are able to furnish us with updates.
11 Oct 2013, 5.45am (GMT+8)
While we have not had any official updates from MYNIC yet, our checks show that the DNS servers for google.com.my and google.my have been restored to ns1.google.com and ns2.google.com. It will take some time for the new DNS servers to be updated throughout the world, but it should happen soon.
11 Oct 2013, 9.20am (GMT+8)
We received two calls from MYNIC – one to inform us that the DNS servers have been changed to the rightful ones (which we already knew at 5.45am based on our whois). They mentioned that the full report would only be released after a detailed investigation. The second call informed us that our MYNIC reseller logins have been blocked temporarily to facilitate investigation.
11 Oct 2013, 10.36am (GMT+8)
MYNIC has restored our reseller access to their system. We are now able to manage domains for our customers again. Their investigations are still ongoing.
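The host's updates above describe the domain's DNS servers being changed and later restored to ns1.google.com and ns2.google.com, with the fix taking time to reach every resolver. The following is an added example, not code from MYNIC, Google or Integricity, of how a defender could audit nameserver observations against a known-good baseline; the observations, resolver names and ns*.rogue.example hosts are constructed placeholders.

```python
from datetime import datetime

# Baseline delegation, taken from the host's 5.45am update on the page.
EXPECTED_NS = {"google.com.my": {"ns1.google.com", "ns2.google.com"}}

# Constructed observations: (time, vantage point, domain, NS names seen).
# Vantage names and the ns*.rogue.example hosts are placeholders.
OBSERVATIONS = [
    ("2013-10-11 03:00", "resolver-a", "google.com.my", ["ns1.google.com", "ns2.google.com"]),
    ("2013-10-11 04:00", "resolver-a", "google.com.my", ["ns1.rogue.example", "ns2.rogue.example"]),
    ("2013-10-11 04:00", "resolver-b", "google.com.my", ["NS1.ROGUE.EXAMPLE.", "ns2.rogue.example."]),
    ("2013-10-11 05:45", "resolver-a", "google.com.my", ["ns2.google.com.", "NS1.google.com."]),
    ("2013-10-11 05:45", "resolver-b", "google.com.my", ["ns1.rogue.example", "ns2.rogue.example"]),
    ("2013-10-11 07:10", "resolver-b", "google.com.my", ["ns1.google.com", "ns2.google.com"]),
]

def normalise(names):
    """Lower-case and drop the trailing root dot so equal names compare equal."""
    return {n.strip().lower().rstrip(".") for n in names}

def audit(observations, expected):
    """Return per-domain drift: first/last bad sighting and vantages still stale."""
    report = {}
    latest = {}  # (domain, vantage) -> True if its most recent answer was bad
    for ts, vantage, domain, names in sorted(observations):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        # Only nameservers outside the baseline count as drift here.
        unexpected = normalise(names) - expected[domain]
        latest[(domain, vantage)] = bool(unexpected)
        if unexpected:
            entry = report.setdefault(domain, {"first": when, "last": when, "rogue": set()})
            entry["last"] = when
            entry["rogue"] |= unexpected
    for domain, entry in report.items():
        # A vantage is stale if it has not yet been seen returning the baseline.
        entry["still_stale"] = sorted(v for (d, v), bad in latest.items() if d == domain and bad)
    return report

if __name__ == "__main__":
    for domain, e in audit(OBSERVATIONS, EXPECTED_NS).items():
        print(domain, e["first"], e["last"], sorted(e["rogue"]), e["still_stale"])
```

Cutting the sample off after the 05:45 rows shows the propagation gap the host mentions: resolver-a already returns the baseline while resolver-b is still reported as stale.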