The Google domain for Malaysia was hijacked on Thursday night, redirecting visitors to a page that said a group called Madleets from Pakistan had performed the attack. The domain has since been restored, but during the attack its name servers had been changed to a pair controlled by the attackers.
MYNIC, the company that administers the country TLD for Malaysia, confirmed the attack in a statement issued Friday morning, saying that its internal incident response team had resolved the problem within a short time of learning of the attack.
“We can confirm there was unauthorised redirection of www.google.com.my and www.google.my to another IP address by a group which called themselves TeaM MADLEETS,” the statement says.
“The problem was alerted in the early morning and MYNIC Computer Security Incident Response Team (CSIRT) immediately started to resolve the issue. The domain name www.google.com.my has been restored to their correct information at 7.10 am today and www.google.my is still resolving.”
The incident appears to have been a DNS cache poisoning attack: rather than reaching the normal Google home page for Malaysia, visitors were redirected to a site hosted in Canada. Both google.com.my and google.my were hijacked during the attack. Integricity, the company that manages the Google domains in Malaysia, said that the attack lasted a few hours, beginning after midnight local time.
“We immediately tried to log into the MYNIC reseller system to check on the status, but were unable to do so. The DNS servers for this domain have been modified and this has caused the URL to be pointed to a page that shows the site has been hacked.”