Here is what happened: an Egyptian hacker found a tiny little XSS hole and "wormed" through it to hack Avira:
http://thehackernews.com/2013/04/minor-flaw-allows-hacker-to-hijack_12.html
This time it was XSS flaws (not enough input/output validation performed, or not enough server hardening).
The next enormous wave of hacked sites will be because of evil DNS manipulation (C&C via TOR); reporting an example with MX records in two different ASes here:
http://forum.avast.com/index.php?topic=136266.0
Believe me folks, this is going to be a new trend. Van Wallenstein warned against three forms of DNS hijacking:
1. DNS-cache poisoning, as Dan Kaminsky opened our eyes to this form of attack and the DNS weakness involved (via recursor abuse, for instance).
2. Then the authoritative nameserver can be hijacked, with a worldwide effect as DNS records are altered. Access Control Lists and extra strong passwords are the defense against this form of attack. Staff should be trained not to fall for so-called social engineering tactics.
3. The worst attack is changing the domain registration at the registrar's. If the cache cannot be emptied in time, the attack can go on for hours or even days because of the TTL, as a DNS server cache lasts for 86,400 sec as a rule. Protection according to Brenton Van Dyn is to preferably have control over the nameservers inside the organization - in-house (attacks 1-3).
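As an added illustration of the defensive side of the three hijack forms above (this is example code, not from the forum post or from avast!), the script below does what an in-house DNS team would do to notice attacks 2 and 3 early: it compares the records a zone currently serves against a known-good baseline, checks whether the MX hosts sit in more than one AS (the symptom reported in the linked forum thread), and works out how long a forged record can keep living in resolver caches given the TTL. All zone names, record values and AS numbers are constructed for the example; the ASNs are taken from the range reserved for documentation. A real deployment would fetch live answers with a resolver library and AS data from an IP-to-ASN service instead of the inline dictionaries.

```python
"""Baseline-drift check for DNS records (constructed example, not production code)."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Record:
    rtype: str   # "NS", "MX", "A", ...
    value: str   # target host or address
    ttl: int     # seconds a resolver may cache the record


# Constructed baseline: what the organisation's own nameservers are supposed to serve.
BASELINE: Dict[str, Set[Record]] = {
    "example.test": {
        Record("NS", "ns1.example.test.", 86400),
        Record("NS", "ns2.example.test.", 86400),
        Record("MX", "mail.example.test.", 3600),
    },
}

# Constructed "observed" answer imitating a hijacked zone: one NS has been swapped
# and a second MX now points at a host the organisation does not operate.
OBSERVED_HIJACKED: Dict[str, Set[Record]] = {
    "example.test": {
        Record("NS", "ns1.example.test.", 86400),
        Record("NS", "ns.attacker-controlled.test.", 86400),
        Record("MX", "mail.example.test.", 3600),
        Record("MX", "mx.attacker-controlled.test.", 3600),
    },
}

# Constructed host-to-ASN mapping standing in for a real IP-to-ASN lookup.
# 64496-64511 is the ASN range reserved for documentation (RFC 5398).
ASN_OF_HOST: Dict[str, int] = {
    "mail.example.test.": 64496,
    "mx.attacker-controlled.test.": 64511,
}


def detect_drift(baseline: Dict[str, Set[Record]],
                 observed: Dict[str, Set[Record]]) -> List[str]:
    """One finding per record that disappeared from or appeared in a zone.

    Records compare on type, value and TTL, so a TTL change alone also shows up
    as drift (a "missing" plus an "unexpected" line), which is what you want.
    """
    findings: List[str] = []
    order = lambda r: (r.rtype, r.value)  # deterministic output for reports/tests
    for zone, expected in baseline.items():
        seen = observed.get(zone, set())
        for rec in sorted(expected - seen, key=order):
            findings.append(f"{zone}: {rec.rtype} {rec.value} missing")
        for rec in sorted(seen - expected, key=order):
            findings.append(f"{zone}: {rec.rtype} {rec.value} unexpected")
    return findings


def mx_origin_asns(zone_records: Set[Record], asn_of_host: Dict[str, int]) -> Set[int]:
    """AS numbers the zone's MX hosts live in; more than one deserves a look."""
    return {asn_of_host[r.value]
            for r in zone_records
            if r.rtype == "MX" and r.value in asn_of_host}


def worst_case_exposure_seconds(fix_delay_seconds: int, ttl: int) -> int:
    """Seconds from the hijack until the last resolver cache can still hand out the forgery.

    A cache that fetched the forged record just before the authoritative data was
    fixed keeps serving it for a full TTL, so the window is time-to-fix plus TTL.
    """
    return fix_delay_seconds + ttl


if __name__ == "__main__":
    for line in detect_drift(BASELINE, OBSERVED_HIJACKED):
        print(line)
    asns = mx_origin_asns(OBSERVED_HIJACKED["example.test"], ASN_OF_HOST)
    if len(asns) > 1:
        print(f"MX hosts span {len(asns)} ASes: {sorted(asns)}")
    hours = worst_case_exposure_seconds(2 * 3600, 86400) / 3600
    print(f"fixed after 2h with a 1-day TTL: forged answers possible for up to {hours:.0f}h")
```

Run periodically from a vantage point outside the organisation's own resolvers; the drift findings are the alert, the AS count is the triage hint, and the exposure figure is why a short TTL on NS and MX records is cheap insurance.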
The info on types of DNS manipulation I got thanks to an article by Steve Ragan (credits: Steve Ragan).
Conclusion: the avast! team should already be aware of this and put up internal team training to avoid such situations.
polonus