View Single Post
  #1   (View Single Post)  
Old 3rd October 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default 4.5 million Brazilian routers hacked

From http://h-online.com/-1722430

Quote:
During a presentation at the Virus Bulletin Conference in Dallas, Fabio Assolini from Kaspersky Lab described how criminals in Brazil managed to compromise 4.5 million DSL routers for months without being noticed.

For their attack, the criminals first used two Bash scripts and a Cross-Site Request Forgery (CSRF) attack to change the admin password and then manipulated the router's DNS server entry. The CSRF attack even allowed them to bypass any existing password protection. Once compromised, the PCs were redirected to specially crafted phishing domains that mainly targeted users' online banking credentials; the attackers had set up 40 DNS servers to handle this redirection. The attack was limited to large parts of Brazil's IP address space.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote