Monday, September 16, 2019
  • Home
  •             

MSN NZ HACKED

April 21st, 2009 by Patrick S

Wow long time no post…

Today whilst opening up the default MSN homepage in I.E I was stunned to find that it had been hacked by “Peace Crew”.

I asked Nathan Mercer at MSFT what the story was and apparently the Hijackers stole the DNS entry from their registrar and redirected.

Windows Server had no part to play in this incident the attackers simply took the site down at a higher level. Looks like not everyone is immune to hackers then huh.

http://www.msn.co.nz

MSN NZ Hacked

An output of their DNS entries shows:

name class type data time to live
msn.co.nz IN MX
preference: 0
exchange: msn.co.nz
14400s (04:00:00)
msn.co.nz IN SOA
server: fatih1.turkguvenligi.info
email: thug_west__.live.nl
serial: 2009042002
refresh: 86400
retry: 7200
expire: 3600000
minimum ttl: 86400
86400s (1.00:00:00)
msn.co.nz IN NS fatih1.turkguvenligi.info 86400s (1.00:00:00)
msn.co.nz IN NS fatih2.turkguvenligi.info 86400s (1.00:00:00)
msn.co.nz IN A 95.211.11.163 14400s (04:00:00)

Edit: Appears to be fixed now 😉

Edit2: Looks like they took over a raft of New Zealand websites including WindowsLive.co.nz, MSN.co.nz, Microsoft.co.nz, Hotmail.co.nz, Live.co.nz next to HSBC.co.nz, Sony.co.nz, Coca-Cola.co.nz, Xerox.co.nz, Fanta.co.nz, F-Secure.co.nz and BitDefender.co.nz. (http://blogs.zdnet.com/security/?p=3185)

Posted in MS News | 1 Comment »


This entry was posted on Tuesday, April 21st, 2009 at 2:15 am and is filed under MS News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


One Response

  1. Zero Day mobile edition Says:

    […] members of the Peace Crew used fatih1.turkguvenligi .info and fatih2.turkguvenligi .info as primary DNS servers delivering the defaced pages, and making it look like the sites themselves have been […]