Hi,

Today, when I accessed google.com.pk, I was surprised to see the defacement page of Turkish hackers. Later on I came to know that other websites such as Microsoft.com.pk were also defaced this morning. On checking the name servers with nslookup, the DNS servers were pointing towards another website. It was clear that the hacker compromised the DNS server and changed the DNS servers to their own, where they had their defacement page. The above image appeared on major .pk domains when users were trying to access them.

Some time later the page started pointing towards google.com instead of google.com.pk. However, the name servers of all .pk domains are still pointing towards freehostia. By a quick whois search I came to know that the registrar that is responsible for PKNIC domains is MarkMonitor. There is a huge chance that the Turkish hackers may have gained access to MarkMonitor and then would have changed the DNS servers. Another possibility is that the hackers may have used an attack called "DNS Cache Poisoning" in order to change the DNS servers.

I will update this page as soon as I have more updates regarding this attack.
Update: Here is the Full List Of Compromised Domains:
That's crazy! What is cache poisoning? How could anyone get into Google and Microsoft at the same time? Don't they have their own servers?
As the original owner stated, all of the .pk domains may have been registered through MarkMonitor. If the hackers gained access into MarkMonitor, then changing the nameservers for all these domains would be fairly easy.
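The name-server check from the first post, turned into a repeatable baseline comparison (an added example, not part of the original thread): it parses `nslookup -type=ns` output, flags domains whose delegation has left a known-good set, and groups unexpected nameservers that several unrelated domains now share. All domain names, nameservers and the sample output are constructed placeholders.

```python
import re
from collections import defaultdict
# Answer line of `nslookup -type=ns`: "search.example<TAB>nameserver = ns1.x.example."
NS_LINE = re.compile(r"^(\S+)\s+nameserver\s*=\s*(\S+)$", re.IGNORECASE)

def norm(name):
    return name.strip().rstrip(".").lower()  # case-insensitive, no trailing dot

def parse_nslookup(text):
    """Return {domain: {nameserver, ...}} from nslookup NS output."""
    observed = defaultdict(set)
    for line in text.splitlines():
        m = NS_LINE.match(line.strip())
        if m:
            observed[norm(m.group(1))].add(norm(m.group(2)))
    return dict(observed)

def find_changed(baseline, observed):
    """Domains now delegated to a nameserver outside their known-good set."""
    findings = {}
    for domain, expected in baseline.items():
        extra = observed.get(domain, set()) - {norm(n) for n in expected}
        if extra:
            findings[domain] = extra
    return findings

def shared_unexpected(findings, min_domains=2):
    """Unexpected nameservers shared by several domains (registry/registrar-level change)."""
    by_ns = defaultdict(set)
    for domain, servers in findings.items():
        for ns in servers:
            by_ns[ns].add(domain)
    return {ns: d for ns, d in by_ns.items() if len(d) >= min_domains}

# Constructed baseline and constructed nslookup output (placeholder names only).
BASELINE = {
    "search.example": {"ns1.search-dns.example", "ns2.search-dns.example"},
    "software.example": {"ns1.software-dns.example"},
    "bank.example": {"ns1.bank-dns.example"},
}
SAMPLE = (
    "Server:\t\t192.0.2.53\nAddress:\t192.0.2.53#53\n\n"
    "search.example\tnameserver = ns1.freehost.example.\n"
    "search.example\tnameserver = ns2.freehost.example.\n"
    "software.example\tnameserver = NS1.FREEHOST.EXAMPLE.\n"
    "bank.example\tnameserver = ns1.bank-dns.example.\n"
)

if __name__ == "__main__":
    print(shared_unexpected(find_changed(BASELINE, parse_nslookup(SAMPLE))))
```

A domain that returns no NS answer at all is not flagged by this comparison, so a monitoring job should treat an empty result as a separate alert.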