小红伞官方公告:官网被黑客更改引导DNS通知
各位Avira用户:
今日 2013年10月8日 12:15分(CET欧洲中部时间+2) 我们因为DNS服务问题令官网无法上线,包括Avira在内等多家企业网站被一个名为KDMS的黑客组织影响。注意:Avira的服务器并没有受到任何威胁或被黑情况。
这次攻击是发生于我们使用的ISP"Network Solutions"被黑客DNS攻击引致。
发生甚么事?
在DNS纪录内的多间网站包括Avira.com,域名被引导致非Avira网站,此问题发生于我们在Networks Soultions注册并用于管理的帐户遭受虚假密码重设的要求,而此通知并不属于任何Avira员工所发出。不过Networks Solution是接受此要求并允许第三方可以控制我们的DNS 域名。并且使用一个由网络犯罪组织全新的认证去允许更改DNS服务器的接入点。
我们的内部网络并没有受此问题影响。由于事件严重,因此我们决定暂时停止所有官网网站进阶/延伸服务。
直至我们能顺利取回所有被更改的DNS位置。
下一步动作?
我们正在与ISP联络以便取回域名的控制权,并且当问题解决后,Avira服务才会恢复正常。
在这点上,我们并没有意识到这样可能影响到我们的客户。
我们会持续更新有关问题最新消息。
---------------------------------------------------------------------------------------------
原文
Dear fans,
today, October 8th 2013, 12:15 CET+2, we have experienced a major disruption in our DNS service.
It appears that several websites of Avira as well as other companies have been compromised by a group called KDMS. The websites of Avira have not been hacked, the attack happened at our Internet Service Provider “Network Solutions”.
What happened?
The DNS records of various websites, including those of Avira.com, were changed to point to other domains that do not belong to Avira.
It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira. Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.
Our internal network has not has not been compromised in any way. As a measure of security we have shut down all exterior services until we have all DNS entries in our possession again.
What are the next steps?
We are working with the ISP to receive control on the domain name and only when we have solved the problem we will restore the access to the Avira services.
At this point we are not aware of any effect to our customers.
Of course, we will keep you updated on the matter!