
Anti-Virus Websites Hacked by Palestinian Nationalists

No company wants its website hacked, but it's particularly embarrassing if you sell goods and services designed to prevent hacking, such as two of the best antivirus software programs.

Antivirus software providers AVG and Avira, as well as instant-messaging app maker WhatsApp, today (Oct. 8) fell victim to Palestinian nationalist hackers who redirected users to their own Web page via a subtle method known as DNS (Domain Name System) hijacking.

The hacks come from an ill-defined organization known as the KDMS Team, who also claim association with Anonymous Palestine. KDMS has no apparent desire to spread malware or gather user information, but rather wants to leverage high-profile websites to spread a nationalistic (if poorly spelled) missive.

"We are here to deliver tow [sic] messages," KDMS declared on the hacked websites. The group claims that Palestinian land has been stolen by Zionists, and that the Palestinians wish to live peacefully following the release of all Palestinian prisoners from Israeli jails.


"We want peace" and "Long live Palestine" follow, as do a Palestinian flag and map illustrating the shrinking Palestinian territory between 1946 and 2000 (historians will note that Israel, which now possesses most formerly Palestinian land, came into existence in 1948).

AVG, the antivirus arm of Czech security company Grisoft, has already cleaned up its website and returned its functionality to normal. If your inner subversive is dying to see what KDMS has accomplished, the site for German antivirus firm Avira remains in their hands at the time of writing.

The website for popular mobile messaging service WhatsApp was also affected and, as of this writing, still plays the Palestinian national anthem. There is no evidence that the WhatsApp app itself has been compromised.

Aside from the inherent irony of security websites falling prey to malefactors, the KDMS hack is interesting in that it is using DNS hijacking to redirect users, rather than modifying existing content on its victim sites.

DNS hijacking is a practice used by hackers, phishers and, occasionally, Internet service providers. The process fools Internet browsers into connecting to one site when they mean to connect to another.

An ISP might do this in order to route users back to its own search engine; KDMS has done it to redirect users to its oddly translated message.

These three companies have found themselves in Palestinian crosshairs because their DNS entries are maintained by Network Solutions, a major domain-name registry.

According to a report from Softpedia, Network Solutions replied to a fake password-reset request, granting KDMS all the tools they needed to hijack the companies' websites without resorting to sophisticated hacking techniques.
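A change made at the DNS provider, like the one described above, shows up as name-server or address records that no longer match what the site owner expects. The following is an added example, not part of the original article: it parses resolver answers in zone-file style and compares them with a pinned baseline. The domain names, addresses and the `BASELINE`, `OBSERVED`, `parse_answers` and `find_drift` names are all constructed for illustration.

```python
# Added example: flag DNS records that differ from a pinned baseline.
# All names and addresses below are constructed (.test TLD, RFC 5737 ranges).

BASELINE = {
    "example-av.test.": {
        "NS": {"ns1.dns-provider.test.", "ns2.dns-provider.test."},
        "A": {"192.0.2.10"},
    },
}

# Constructed answers, one record per line: name TTL class type value
OBSERVED = """\
example-av.test. 3600 IN NS ns1.attacker-dns.test.
example-av.test. 3600 IN NS ns2.attacker-dns.test.
example-av.test. 300  IN A  203.0.113.66
"""

def parse_answers(text):
    """Turn 'name ttl class type value' lines into {name: {type: {values}}}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split columns
        if len(fields) < 5:
            continue  # blank or malformed line
        name, rtype, value = fields[0].lower(), fields[3].upper(), fields[4].lower()
        records.setdefault(name, {}).setdefault(rtype, set()).add(value)
    return records

def find_drift(baseline, observed):
    """Return one finding per record type whose value set differs from baseline."""
    findings = []
    for name, expected in baseline.items():
        seen = observed.get(name, {})
        for rtype, want in expected.items():
            got = seen.get(rtype, set())
            if got != want:
                findings.append({
                    "name": name,
                    "type": rtype,
                    # A changed delegation redirects every record in the zone.
                    "severity": "critical" if rtype == "NS" else "high",
                    "unexpected": sorted(got - want),
                    "missing": sorted(want - got),
                })
    return findings

if __name__ == "__main__":
    for finding in find_drift(BASELINE, parse_answers(OBSERVED)):
        print(finding)
```
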

In the meantime, AVG is back to normal, and Avira and WhatsApp should follow suit soon enough. If you visited any of the hijacked websites, you have nothing to worry about (save for a MIDI of the Palestinian national anthem getting stuck in your head).

If you use services with password-reset options, consider using two-step authentication to prevent a situation like this one.


Follow Marshall Honorof @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

  • coolitic
    wait, the hacks have to do with nationalism?
    I always thought it was just some idiots trolling? (well they still are idiots)
  • coolitic
    They seem to show their message poorly.
  • de5_Roy
    i just got a server not found error for a while.
    these guys should really step up their security being security software vendors themselves.
  • eza
    The headline should be "Network Solutions allow social engineering attack" :-(
  • kefob
    They really need to fix this article. It wasn't Avira or AVG that got hacked, it was Network Solutions. Both of these companies are using Network Solutions for their DNS. The hackers made changes in the Network Solutions systems, but never had access to the Avira or AVG networks. So the lack of security here would fall to NS.
  • spectrewind
    I think the quality of this article is rather poor by way of misleading title.

    A DNS SPOOF/cache poisoning has NOTHING to do with the hacking of a website. It's just a redirect. Someone broke into the authoritative DNS registry for the A-Record of the FQDN to IP lookup and set it to a different IP (the hacker website).

    Poorly titled for click-baiting and ad casting.
  • wiinippongamer
  • YardstickWHACK
    I don't think attacking web sites is the best way to garner sympathy for your cause. Better than firing rockets, I guess.
  • AppleGoingDown

    Israel attacks men women and children with WMD's in order to steal land and oppress an entire culture


    You criticize Palestinians doing some civil disobedience?


    This is a direct response to Yardstick who implies Palestinians are terrorists. Has this site become islamophobic and pro-israeli terror?
  • rsweq

    Ignorance is bliss for you.