Here is another DNS poisoning attack; we can call this month the 'Month of DNS poisoning attacks'. The report says hackers compromised RoTLD, the Romanian Top Level Domain Registry, and poisoned the DNS records.
An Algerian hacker group called MCA-CRB allegedly hijacked the domain registrar and changed the DNS records so that they point to a defacement page.
The list of affected .ro domains:
- google.ro
- yahoo.ro
- microsoft.ro
- paypal.ro
- kaspersky.ro
- windows.ro
- hotmail.ro
The hackers modified the DNS records so that they point to an IP address located in the Netherlands: 95.128.3.172 (server1.joomlapartner.nl).
The mirror of the defacement can be found here:
http://www.zone-h.org/archive/notifier=MCA-CRB
At the time of writing, the affected sites are back online and working properly.
According to the Zone-H record, the hacker group MCA-CRB has defaced 5,530 websites so far, many of them apparently government and public services sites from countries across Asia, Africa, Europe, Australia and the Americas.
A few days ago, hackers broke into the PKNIC site using an SQL injection vulnerability and changed the DNS records, which resulted in the hijacking of hundreds of top-level Pakistani domains, including Google, Microsoft, PayPal and more.