UPDATE @5pm: We have contacted both MYNiC and MCMC to get their feedback on this issue. We have strong reason now to believe that the MYNiC registry data has been compromised as part of the attack, and Google as well as other DNS servers merely updated their records based off MYNiC’s authoritative servers. A similar attack was carried out by the same group on Kenya’s domain registrar in April, as reported by softpedia.
UPDATE @3pm : We can confirm now that the issue is not isolated to Google DNS. We did some random lookups and have discovered that MSN (.com.my), Bing (.com.my) and Dell (.com.my) records have been poisoned across other DNS servers as well (Level3 and OpenDNS). We believe now that the MYNiC registry itself has been compromised, and as such, all the domain on the .MY suffix are now at risk of malicious attacks.
If you’re using Google DNS servers for your DNS queries (8.8.8.8 and 8.8.4.4), you might want to either switch to OpenDNS or to your specific ISP’s DNS servers as we have confirmed that search queries involving Malaysian domain names have been poisoned. Poisoned in a sense that you wont be directed to the actual site, but instead to a temporary site with a defaced page.
Sites affected so far are Dell Malaysia (.com.my), all Microsoft sites on the .my suffix notable MSN Malaysia (.com.my), Skype Malaysia (.com.my), Bing Malaysia (.com.my) as well as antivirus site Kaspersky (.com.my). Google Malaysia (.com.my), Youtube Malaysia (.com.my) and a few other notable .MY domain sites are also inaccessible at the moment.
At time of writing, none of the online banking sites have been poisoned, but it is a very real possibility that they could be until this issue is resolved. If you have to conduct any online transactions, please ensure that the security certificate for the online banking site you are visiting is valid before keying in your personal details (if you choose to stick to Google DNS servers that is).
ADVERTISEMENT
The quick fix for now would be to change your DNS servers either to your ISP’s own DNS or to switch to OpenDNS. The list of available DNS servers are below.
OpenDNS Home: 208.67.222.222/ 208.67.220.220
Level3 : 209.244.0.3/ 209.244.0.4
TMnet/Unifi: 202.188.0.133/202.188.1.5
