DNS hijacking attacks can affect users beyond just preventing them from accessing a website, because they also allow attackers to redirect users to malicious content. Users affected by the attack against nytimes.com were redirected to a server hosted in an IP (Internet Protocol) address range that is associated with malicious attacks, but it doesn't seem they were actually served malware.
"Technical teams from CloudFlare, OpenDNS and Google jumped on a conference call and discovered the site to which the NYTimes.com site was redirected was in Internet space (the IP addresses) full of phishing and possible malware, although no malware distribution was witnessed," Matthew Prince, CEO of website optimization and security firm CloudFlare, said in a blog post.
In the blog post, Prince initially wrote that it appeared the site hosted malware. He later corrected the post.
To prevent rogue modification of DNS records, domain owners can ask their registrars to put registry locks in place for their domains, like Melbourne IT did for nytimes.com and the other affected websites. This lock is placed at the registry level, that is, with the companies that administer the .com, .net, .org, and other domain extensions.
"Registrars generally do not make it easy to request registry locks because they make processes like automatic renewals more difficult," Prince said. "However, if you have a domain that may be at risk, you should insist that your registrar put a registry lock in place. It's worth noting that while some of Twitter's utility domains were redirected, Twitter.com was not -- and Twitter.com has a registry lock in place."
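One way to check whether a domain carries the registry-level lock discussed above is to inspect the status codes in its WHOIS record. The following is an added example, not part of the original article; it assumes a registry lock appears as the three EPP `server*` prohibited statuses (RFC 5731), and the WHOIS excerpts are constructed samples.

```python
import re

# EPP domain status codes (RFC 5731): server* values are set by the registry,
# client* values by the registrar. Assumption: a registry lock shows up as all
# three server* prohibitions below.
REGISTRY_LOCK = {"servertransferprohibited", "serverupdateprohibited",
                 "serverdeleteprohibited"}
REGISTRAR_LOCK = {"clienttransferprohibited", "clientupdateprohibited",
                  "clientdeleteprohibited"}

# Matches "Domain Status: <code> <url>" and the shorter "Status: <code>" form.
STATUS_RE = re.compile(r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*([A-Za-z]+)",
                       re.IGNORECASE | re.MULTILINE)

def domain_statuses(whois_text):
    """Return the set of status codes in a WHOIS response, lower-cased."""
    return {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}

def lock_report(whois_text):
    """Summarise which registrar-level and registry-level locks are present."""
    found = domain_statuses(whois_text)
    return {
        "registry_locked": REGISTRY_LOCK <= found,
        "registrar_locked": REGISTRAR_LOCK <= found,
        "missing_registry": sorted(REGISTRY_LOCK - found),
        "missing_registrar": sorted(REGISTRAR_LOCK - found),
    }

# Constructed WHOIS excerpts (not real lookups).
LOCKED = """\
Domain Name: EXAMPLE.COM
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
"""
UNLOCKED = """\
Domain Name: EXAMPLE.NET
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""

if __name__ == "__main__":
    for name, text in (("example.com", LOCKED), ("example.net", UNLOCKED)):
        print(name, lock_report(text))
```

A domain that reports only `client*` statuses is protected at the registrar, so an attacker with access to the registrar account or reseller panel can still clear those flags and change the name servers.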
SEA claimed Wednesday on Twitter that they hacked Melbourne IT's blog site. A message left on the site read "Hacked by SEA, Your servers security is very weak," suggesting that the hacker group might still have some level of access to Melbourne IT's systems.
Correction: This story as originally posted contained incorrect information provided by a source who has since retracted and corrected his statements. The article has been amended.