The hacker did not deface the main page of the websites but added a static page with the name rOOt.html to the root of the website. Currently, the defaced pages exist and did not remove by the admins of the websites.
List of Hacked Sites:
http://basritransport.com/rOOt.html
http://aurionair.com/rOOt.html
http://bhadvertising.co/rOOt.html
http://binbuttico.com/rOOt.html
http://bizztechintl.com/rOOt.html
http://bostonfoodsrestaurants.com/rOOt.html
http://corecreationsinteriors.com/rOOt.html
http://eaglevision-hrc.com/rOOt.html
http://dkgc-sa.com/rOOt.html
http://hamcometals.com/rOOt.html
http://frcuae.com//rOOt.html
http://livebizzuae.com/rOOt.html
http://loulouservices.com/rOOt.html
http://mistuba.net/rOOt.html
Some mirrors of the hack on zone-h:
http://zone-h.com/mirror/id/20445525
http://zone-h.com/mirror/id/20445526
http://zone-h.com/mirror/id/20445527
There is no specific deface message left by the hacker on the deface page. You can find the complete note below:
Deface Message:
Here u g0 Admin! Sites Owned,
Security Just An Illusion to us
Note:we will be Back
Ok Listen! Let’s Get This Clear! Have a Look @ Ur SecuitY BitcheZ
We are Security Breakers And We comprise even the most secure Sites So fix your Security .
We will be back
And To fuck Your Ass
& Feel Some Shame Admin =))
./LogginG OuT
More details with complete mirrors on the hack can be found on a doc by the hacker.