Vigilance saves Avast anti-virus from having its website pwned

AvastIt has been revealed that WhatsApp, AVG and Avira weren’t the only companies to be targeted by a pro-Palestinian hacking gang this week.

Anti-virus firm Avast was also in the firing line of the “KDMS Team”, who successfully changed the DNS records of Avast’s rivals AVG and Avira as well as those of popular smartphone app WhatsApp.

The KDMS Team’s successful unauthorised access to the Network Solutions accounts of AVG, Avira and WhatsApp appears to have been the reason that websurfers found themselves visiting a page playing the Palestinian national anthem and displaying a political message under the title “You’ve been pwned”.

What visitors to AVG's website saw

There was no such embarrassment for Avast, however, as a blog post from the Czech security firm reveals.

Yesterday, several companies had their websites hijacked by pro-Palestinian hackers. We can confirm that there was also a hacker attempt against the AVAST site – we assume from the same group – but we took immediate steps and therefore were able to contain it.

According to published reports, the hacked companies’ accounts, used to manage their DNS records at their vendor, Network Solutions, have been reset. This allowed the hackers to take control of the websites in question. It’s unlikely that any of the sites that were attacked lost control of any of their own servers, so customer data most likely was not compromised.

“We ourselves received a notification from Network Solutions saying our email had been changed. We knew we had not requested that so we immediately took action and changed our passwords, which protected us,” said Vincent Steckler, AVAST CEO

Whoever the employee was at Avast who spotted the suspicious email change notification from Network Solutions, they should be commended for his or her prompt action, as it certainly helped avoid what could have been an embarrassing incident for the security company.

It’s a timely reminder for all companies about the part that people can play in securing your business. You can have all the technology in the world, but sometimes old-fashioned human vigilance can be the difference between a serious security incident and an attempted attack being foiled.

Sign up to our free newsletter.
Security news, advice, and tips.

Maybe Avast CEO Vincent Steckler will thank the person who realised the account change was suspicious by buying them a beer – if Avast has any left, of course. :)

Meanwhile, no details have emerged of just how the hackers managed to convince Network Solutions into change the email addresses associated with accounts.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Vigilance saves Avast anti-virus from having its website pwned”

  1. Wayne

    I have a paid subscription and diligently update the software whenever Avast requests it. This last upgrade caused my Outlook not to work. They changed some settings that originally allowed it to work just fine. When I called support they told me the only way that they would fix the problem they caused was if I paid them $180.

    What was once a good company to work with has become completely disreputable. It happens. Too bad. Probably some new ruthless management trying to hold their current customer base hostage. These little minds often kill a company before the company is able to regain its sanity. I have seen company after company perish after instituting unscrupulous tactics like this. Luckily, there are plenty of excellent competitors out there.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.