Algerian Hacker today hijack DNS Yahoo, Microsoft or Google and Paypal redirect users to a deface page. Credit being taken by Hacker going by name MCA-CRB, a serial website defacer.
MCA-CRB is a prolific online graffiti artist who has defaced at least 5,000 sites, according to records kept by Zone-H. After Hijacking both domains resolve to an IP address located in the Netherlands," at 95.128.3.172 (server1.joomlapartner.nl).
"When we heard about this incident, we were pretty skeptical about the attack. A site such as Google's can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack," said Stefan Tanase from Kaspersky Lab Romania.
"All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page," Tanase said.
"All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page," Tanase said.
Google Romania also explained it was a domain issue and the company is currently investigating the issue with the organization responsible for managing domain names in Romania, Romania Top Level Domain.
