DNS hijack, (Thu, Oct 10th)

DNS for the Malaysian copy of Google ( got appearanty hijacked. Right now, the hostnames and point to a host in Canada ( 

(thx Alex for capturing the screen shot. My system would not allow me to connect to the IP address anymore). The NS records point to servers that do not appear to be "genuine" as well. Before, the NS records pointed to and, which are also authoritative for Now they point to and .

The whois information does not reflect that this is a google domain, but it didn't change recently and the site used to host a copy of Google's homepage according to It is very much possible that Google uses a third party to operate part of its Malaysia site.


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.