google.com.bd is attacked using DNS poisoning

Just a few hours back, one of my old colleagues phoned to let me know that Google had been hacked by a Bangladeshi guy. I was astonished to hear that and couldn't stop myself from investigating further. First, when I tried http://www.google.com.bd it was OK. Then I tried http://google.com.bd and yes, it has been hacked! The hacker has defaced the home page. Without delay I made a remote desktop connection to a PC located in Australia. When I hit google.com.bd from there, it redirected me to www.google.com.bd. This first test made sure that it's not a worldwide problem. Then I asked a few of my friends (who are on different networks) to check whether this is particular to BD or not. One of them reported he found it OK. So, this is BD specific and specific to some ISPs. Finally, running the tracert command for both ensured that it's a DNS poisoning attack.

So, hackers have changed the IP address for google.com.bd in the DNS servers (which translate a requested domain name into its corresponding IP address). Here is the tracert result:

Tracing route to www.google.com [74.125.230.81]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.0.1
2 3 ms 2 ms 3 ms 114.130.35.65
3 5 ms 5 ms 2 ms 114.130.8.113
4 4 ms 4 ms 6 ms 169.dhk-peer.mango.com.bd [114.130.3.169]
5 6 ms 7 ms 4 ms gi1-3.gsr-7609.dhk-gsr-01.mango.com.bd [114.130.1.13]
6 152 ms 150 ms 151 ms pos12-1-0.palermo7.pal.seabone.net [195.22.198.157]
7 199 ms 197 ms 196 ms 72.14.198.233
8 197 ms 195 ms 195 ms 72.14.198.233
9 177 ms 178 ms 178 ms 216.239.47.128
10 190 ms 186 ms 187 ms 209.85.249.234
11 192 ms 193 ms 194 ms 72.14.233.104
12 194 ms 195 ms 195 ms 64.233.175.115
13 198 ms 194 ms 198 ms 74.125.230.81
Trace complete.

Tracing route to google.com.bd [173.233.68.2]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.0.1
2 2 ms 3 ms 2 ms 114.130.35.65
3 3 ms 3 ms 2 ms 114.130.8.113
4 3 ms 3 ms 4 ms 169.dhk-peer.mango.com.bd [114.130.3.169]
5 6 ms 5 ms 4 ms gi1-2.gsr-7609.dhk-gsr-01.mango.com.bd [114.130.1.9]
6 151 ms 150 ms 151 ms pos12-1-0.palermo7.pal.seabone.net [195.22.198.157]
7 189 ms 215 ms 189 ms xe-5-0-0.franco31.fra.seabone.net [195.22.211.221]
8 326 ms 324 ms 325 ms global-crossing.franco31.fra.seabone.net [89.221.34.110]
9 369 ms 371 ms 365 ms turnkey-internet.so-5-1-2.ar4.jfk1.gblx.net [64.215.182.250]
10 330 ms 331 ms 331 ms jm20-ny1-ge-1-3-0.turnkeyinternet.net [64.128.116.2]
11 331 ms 333 ms 332 ms c6509-ny1-i12ge50.turnkeyinternet.net [208.85.1.14]
12 390 ms 369 ms 401 ms webserver24.turnkeywebspace.com [173.233.68.2]
Trace complete.
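Added example (not part of the original post): a Python sketch that parses the two Windows tracert outputs above and reports the resolved address, the last hop the suspect path shares with the known-good path, and the reverse name of the final hop. The function names and result keys are assumptions chosen for illustration, and only hops 5 onward of each trace are embedded to keep it short.

```python
import re

HEADER = re.compile(r"Tracing route to (\S+) \[([\d.]+)\]")
# hop number, three RTT columns ("<1 ms", "5 ms" or "*"), then "host [ip]" or a bare ip
HOP = re.compile(r"\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(?:(\S+) \[([\d.]+)\]|([\d.]+))")

def parse_tracert(text):
    """Return (target name, resolved ip, [(hop, host or None, ip), ...])."""
    head = HEADER.search(text)
    if head is None:
        raise ValueError("no 'Tracing route to' header found")
    hops = [(int(m[1]), m[2], m[3] or m[4])
            for m in map(HOP.match, text.splitlines()) if m]
    return head[1], head[2], hops

def compare(baseline, suspect):
    """Summarise where the suspect trace leaves the baseline path and where it ends."""
    _, base_ip, base_hops = parse_tracert(baseline)
    name, ip, hops = parse_tracert(suspect)
    base_ips = {h[2] for h in base_hops}
    shared = [h[0] for h in hops if h[2] in base_ips]
    return {"name": name, "resolved_ip": ip, "same_ip": ip == base_ip,
            "last_shared_hop": shared[-1] if shared else None,
            "final_hop_host": hops[-1][1] if hops else None}

# Hops 5 onward of the two traces shown in the post (earlier hops omitted for length)
BASELINE = """Tracing route to www.google.com [74.125.230.81]
5 6 ms 7 ms 4 ms gi1-3.gsr-7609.dhk-gsr-01.mango.com.bd [114.130.1.13]
6 152 ms 150 ms 151 ms pos12-1-0.palermo7.pal.seabone.net [195.22.198.157]
7 199 ms 197 ms 196 ms 72.14.198.233
8 197 ms 195 ms 195 ms 72.14.198.233
9 177 ms 178 ms 178 ms 216.239.47.128
10 190 ms 186 ms 187 ms 209.85.249.234
11 192 ms 193 ms 194 ms 72.14.233.104
12 194 ms 195 ms 195 ms 64.233.175.115
13 198 ms 194 ms 198 ms 74.125.230.81"""
SUSPECT = """Tracing route to google.com.bd [173.233.68.2]
5 6 ms 5 ms 4 ms gi1-2.gsr-7609.dhk-gsr-01.mango.com.bd [114.130.1.9]
6 151 ms 150 ms 151 ms pos12-1-0.palermo7.pal.seabone.net [195.22.198.157]
7 189 ms 215 ms 189 ms xe-5-0-0.franco31.fra.seabone.net [195.22.211.221]
8 326 ms 324 ms 325 ms global-crossing.franco31.fra.seabone.net [89.221.34.110]
9 369 ms 371 ms 365 ms turnkey-internet.so-5-1-2.ar4.jfk1.gblx.net [64.215.182.250]
10 330 ms 331 ms 331 ms jm20-ny1-ge-1-3-0.turnkeyinternet.net [64.128.116.2]
11 331 ms 333 ms 332 ms c6509-ny1-i12ge50.turnkeyinternet.net [208.85.1.14]
12 390 ms 369 ms 401 ms webserver24.turnkeywebspace.com [173.233.68.2]"""

if __name__ == "__main__":
    print(compare(BASELINE, SUSPECT))
```

A different resolved address is not conclusive by itself, since large sites answer with many addresses; what stands out here is the final hop's reverse name, which belongs to a shared web-hosting server.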


2 thoughts on “google.com.bd is attacked using DNS poisoning”

  1. Ahh! I can’t actually see any diff as I’m accessing from Aus. Can you post a screenshot of what the hacker has done, so that we can see how the thing was after the attack?

    BTW – FYI – desh.tv has been malware infected & I guess they still haven’t fixed that yet :)
