CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 25th, 2010

Vulnerability Research Vendor Secunia.com Domain Hijacked And Defaced

The domain name of vulnerability research company Secunia was redirected earlier today to an unrelated Web page showing a message in Turkish, after its DNS records were altered.

Secunia is one of the world’s leading vulnerability intelligence and management vendors. Based in Denmark, the company tracks, rates and catalogs security vulnerabilities in more than 30,000 software applications, operating systems and appliances.

For one hour and ten minutes today, starting with 00:40 AM CET, users who visited secunia.com saw a page displaying a message reading “Is?ms?z Kahramanlar Sunar.. System Get Down Gel Babana…” and a graphic showing a dragon with the text “TurkGivenligi” (Turk Security).

According to the vendor, the attack was the result of the authoritative DNS hosting being redirected. The exact circumstances under which this happened are still being investigated.

The Domain Name System (DNS) is one of the building blocks of the Internet and is responsible for translating domain names into IP addresses.

The secunia.com domain normally resolves to 213.150.41.226, an IP address in Denmark, which belongs to the security company.

However, according to SANS ISC, during the attack, the domain pointed to 81.95.49.32, an IP registered to an UK company called Avensys Networks.

The most straight-forward method of hijacking a domain in this way, short of compromising its authoritative DNS server, is to change its corresponding NS records from the registrar-provided administration panel.

The technique usually involves socially engineering registrar employees and has previously been used to hijack high profile domains like comcast.net, twitter.com and baidu.com.

Three hackers responsible for hijacking Comcast’s domain in 2008 have already received prison sentences for their action.

Baidu sued Register.com last year for gross negligence, after the company’s staff gave hackers access to its domain name despite failing to pass the required security checks.

Credit: Softpedia.com News, SANS Internet Storm Center

Share this item with others:

More on CyberInsecure:
  • Hijacked High-Ranked Sites Serve Malicious, Illegal Content, Blacklisted By Google
  • High Profile New Zealand Sites Registered At Domainz.net Defaced Through DNS Hijack
  • Hackers Hijack ICANN And IANA’s Domains
  • Google Bangladesh Google.com.bd DNS Hijacked, Redirects Visitors For A Limited Time
  • InvisionFree.com Hacked And Defaced

    • Posted in Breaches And Incidents, Hacked, Targeted Attacks | Print This Post Print This Post

    This entry was posted on Thursday, November 25th, 2010 at 5:09 am and is filed under Breaches And Incidents, Hacked, Targeted Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Vulnerability Research Vendor Secunia.com Domain Hijacked And Defaced

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »