Thursday, October 4, 2012

Kaspersky are detecting the malicious script as "HackTool.Shell.ChDNS.a." | 4.5M Hacked DSL Modems

What can users do to avoid becoming victims of this kind of attack? Users should ensure that they use strong passwords, check their security settings and update their firmware and any relevant software regularly – at present, these are the only things they can really do. The rest is squarely in the hands of the vendors - the only people who can change the devices’ designs.

This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.

We will show how cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated DSL modems across the country. This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. The scenario was fuelled by the widespread neglect of ISPs, blunders from hardware manufacturers, under-educated users and official apathy.

If you think the task of cleaning up victims of the DNS Changer malware was a big challenge, imagine what it would be like to deal with 4.5 million modems compromised in this attack – all of them in sunny, beautiful Brazil.
