
ESET and Bitdefender hijacked by KDMS Team


tezza


It seems that it is time to go back to Kaspersky...

Why? ESET was never hacked. These are DNS servers which are operated by an ISP. ESET and Bitdefender have nothing to do with this. Kaspersky is a great product, just don't change only because of this.

Not a single sign here. Bitdefender alive and well.



knowledge-Spammer

removed before mods do it

Edited by knowledge


Identification of several potential members of KDMS Team, a pro-Palestinian group that conducted DNS-hijacking attacks and defacements against AVG, LeaseWeb, Avira, and WhatsApp, also Rapid7.

(@KDMSTeam), was identified to be active on Twitter for less than one day (as of 8 October). Of particular interest were several accounts that @KDMSTeam was following. There were 16 Twitter accounts that KDMS Team was following as of 8 October 2013:

@wassemashraf (Wassem Ashraf) has been on twitter for 383 days and tweeted only twice. Last tweet was 323 days ago

@abuwessam90 (Omar Ashraf; possibly related to, or same as, Wassem Ashraf) has been on twitter for 144 days and has tweeted only once. Last tweet was 143 days ago. Confirmed to be closely associated with (if not related to) Wassem Ashraf.

@123storm123 (Storm) has been on twitter for 1182d and has tweeted only once. Last tweet was 1181 days ago (asking @w3bd3vil how to load server.exe into an xls).

@HassanAboAbed (Hassan Abuabed) has been on twitter 1150d and has tweeted only once. Last tweet was 156 days ago

@white_2_2 (M4St3r M1ND), a highly suspected user behind #KDMSTeam.

The letters in KDMS Team stand for the initials of the names/usernames of the team members:
Kolmtk ([email protected])
Dod ([email protected])
M4st3r ([email protected])
S4w ([email protected])

@white_2_2 (M4St3r M1ND) is likely one of the key actors behind KDMS Team

Because of KDMS Team’s relatively new presence on Twitter, it is highly suspicious that it knows about, and follows, accounts that have not been active or tweeted for 6 months to over 3 years.

The same individual or group established all four accounts based off the similar list of followers and followees of the four accounts.

As of 9 October, KDMS Team had over 1650 followers and itself was following only eight accounts instead of 16 as the day prior. None of the four accounts listed above were followed by KDMS as of 9 October, which was indicative of possible deception by the group to mask or hide their association with these members.

As of 11 October, #KDMSTeam was following 0 accounts. This can be seen as a method of deception and plausible deniability by members of KDMSTeam.

There was one Twitter handle of interest that was being followed by KDMS Team (as of 9 October)

@jstmohand (Mohanad), has been on twitter 887 days and has tweeted 5950 times. Last tweet was 9 October 2013.

Additionally, there is a handle with a similar name that also follows @wassemashraf, @mohnadk (Mohannad CoooL).

KDMS Team has two affiliated Facebook pages, one being a Community Page, the other labeled as a “Video Game” page.

High-fidelity match for Wassem Ashraf’s Facebook page to the Twitter account above

Wassem Ashraf: www.facebook.com/WASSEM.ASHRAF.AGAH
Omar Ashraf: www.facebook.com/abo.wessam.90 (coincidence that one of the twitter accounts was @abuwessam90, no?)
Firas Abu Azab: www.facebook.com/firaz.abuazab


There is also a Facebook associate/follower of Wassem, Mohanad Abudalfa, which is currently only a first-name match for @jstmohand (Mohanad):

“People who Like KDMS Team” populated an extensive list of Facebook members. Within the list, only one individual, Firas Abu Azab (Abo Omr), was listed as being “From” or “Lives In” Gaza (Palestine). No other members within the first 10 pages (120 results) indicated as being from or living in any Palestinian territory other than Firas Abu Azab. Firas posted few references and updates to KDMS Team’s recent activities and attacks, further suggesting some level of involvement or affiliation to the group (at least more so than other members that simply “Like” KDMS Team).

Firas indicated in the “About” page the following information:

Current Residence: Gaza, Palestine
Address: Khan Younis near the Nasser Hospital (Palestine)
DoB: July 16, 1984
Family Members: Sameh Abu Azab (Nephew), Hasan Abu Azab (Cousin), Waseem Mahmoud (Cousin)

The following are suspects as being involved with, or members of, or closely associated to members of KDMS Team:
@wassemashraf (wassem ashraf)
@abuwessam90 (Omar Ashraf).
@white_2_2 (M4St3r M1ND)
@mohnadk (Mohannad CoooL)
@jstmohand (possibly Mohanad Abudalfa, unconfirmed)
Firas Abu Azab

The person who actually DID this particular doxing was a guy named John :lol: works for Evan Kohlmann :rofl:

P.S.

Over the past week, we’ve seen a lot of website defacements as a result of DNS hijacking. Two hacker teams stood out.

Pakistani hackers of Team Madleets have defaced a couple of Google Malaysia domains via DNS poisoning. Malaysian registrar MYNIC has published a statement to clarify the fact that the hackers pulled off the attack by exploiting a reseller account.

Previously, the same group defaced several high-profile domains from Suriname, Antigua and Barbuda, and Saint Lucia.

The list includes audi.sr, blackberry.sr, avg.sr, bing.sr, microsoft.sr, mastercard.sr, intel.sr, microsoftwindows.sr, msn.sr, philips.sr, samsung.com.ag, orange.com.ag, cola.ag, oracle.co.ag, ibm.ag, canon.ag, clarion.ag, fujitsu.ag, hitachi.ag, toshiba.ag, bmw.lc, toshiba.lc, hitachi.lc and honda.lc.

In September, the same team targeted Google Kenya and Google Burundi.

KDMS Team has also leveraged DNS hijacking to deface some high-profile domains. The list includes the websites of LeaseWeb, AVG, Avira, WhatsApp, Metasploit and Rapid7.

According to Avast, their website was also targeted, but the company was vigilant and managed to contain the attack before any damage was caused.

The DNS records of Avira, AVG and WhatsApp websites were altered after the hackers breached the systems of Network Solutions. In the case of Rapid7, the attackers sent a fax with a spoofed change request to Register.com. Both Register.com and Network Solutions are owned by Web.com.

KDMS Team is a pro-Palestinian group whose members are trying to raise awareness of the situation in Palestine.

As far as the arrest of Paunch is concerned, first rumors of the alleged BlackHole exploit kit creator’s arrest surfaced on Monday. Later, Europol confirmed that Russian authorities detained a high-profile cybercriminal.

Security experts immediately noticed the effects of the arrest. F-Secure says the BlackHole and Cool exploit kits developed by Paunch are no longer getting updates and cybercriminals have stopped using them.

Here are some other interesting stories, in case you’ve missed them:

Security researcher rewarded for finding vulnerability in Gmail for iOS

Expert says hackers can decrypt WhatsApp messages

LulzSec hackers from Ireland will not go to jail

PureVPN hacked

Latvia’s State Employment Agency hacked by Anonymous

Latvian accused of creating Gozi virus released from jail

LulzSec Peru leaks files allegedly stolen from Venezuelan Army

:rolleyes:AS PER SOFTPEDIA

Edited by STEEL


BitDefender is behaving normally here. Thank heaven, because my license still has 354 days left.

BitDefender is really good, but this news scared a lot of people.




Kaspersky got hacked at least 3 times and it was more serious than a DNS hack.

http://www.pcworld.com/article/159199/article.html

http://countermeasures.trendmicro.eu/kaspersky-download-site-spread-fake-av/

http://thehackernews.com/2011/01/kasperskys-security-suite-source-code.html

Even the source code was leaked at some point, it happened to Symantec too ^_^



Hi there,
We must point out that Bitdefender was NOT hacked. We've contacted register.com and they fixed the issue. All Bitdefender customers are and were 100% protected.

Bitdefender.com is down here :shutup:
