Hackers poison Brazilian ISP DNS to infect users with banking Trojan

DNS servers from multiple Brazilian ISPs were compromised to direct users to malicious websites


Security researchers from antivirus vendor Kaspersky Lab warn that cybercriminals hacked into the DNS (Domain Name System) servers of several Brazilian ISPs and used them to redirect users to websites that distributed malware.

These attacks have occurred in the last few days, but they are not new to the region, according to Kaspersky Lab experts. "We believe it's not the last time this happens in Brazil and in the future we'll see more attacks like this," said Dmitry Bestuzhev, the head of Kaspersky's global research and analysis team.

"This kind of attack may happen in any place of the world and basically take place because of vulnerabilities on the ISP side. The only thing which can be done in this case from the ISP side is to make sure that all DNS servers are really protected," he added.

The DNS is a core part of the Internet infrastructure and is used for translating domain names into IP (Internet Protocol) addresses. Every time users try to access a website in their browser, their computer queries a DNS server - usually one provided by their ISP - for the corresponding IP address.

The latest incidents involved hackers modifying the DNS records returned by ISP servers for popular websites, including Google Brazil, YouTube, Gmail, Hotmail and several large Brazilian Internet portals like Uol, Terra or Globo.

Instead of responding with the correct IPs corresponding to those domains, the hijacked DNS servers returned the address of a Web server hosting spoofed pages that distributed Java exploits and banking Trojans.

Bestuzhev declined to name the affected ISPs, citing security reasons, but said that those behind the attacks most likely exploited vulnerabilities in the DNS software used by the compromised servers.

DNSSEC, a security extension that uses digital signatures to verify the authenticity of DNS responses, is a solution against some of these attacks and should be adopted by all ISPs, the Kaspersky security expert said. However, he didn't know if any of the affected servers used the technology.

There are different types of DNS poisoning attacks, and aside from software vulnerabilities, rogue server administrators are also a threat. Last week, the Brazilian Federal Police arrested the employee of a medium-sized ISP who used his access to the company's DNS servers to manually modify records for certain websites and direct users to phishing pages.

The best solution for users who want to protect themselves from such attacks is to use alternative DNS servers, like those provided by Google and other specialised organisations, Bestuzhev said.

However, it's better if users configure each of their computers individually to use the alternative DNS servers instead of defining them in their home routers. That's because there are also attacks that exploit vulnerabilities in such networking devices to replace the configured DNS servers with others controlled by hackers.
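
The redirection described in this article, where sites run by different operators all resolve to one web server, can be detected by comparing an ISP resolver's answers with those of an independent resolver. The Python code below is an added example, not part of the original article; the hostnames, operator labels and addresses are constructed sample data, and `compare_resolvers` is a hypothetical name.

```python
from collections import defaultdict

# Constructed watchlist: hostname -> operator. Hosts of one operator may share
# addresses legitimately, so only overlap across operators is treated as strong.
WATCHLIST = {"search.example": "operator-a", "video.example": "operator-a",
             "webmail.example": "operator-b", "portal.example": "operator-c",
             "news.example": "operator-d"}

# Constructed A-record answers (RFC 5737 documentation addresses).
ISP_ANSWERS = {
    "search.example": {"203.0.113.66"},
    "video.example": {"203.0.113.66"},
    "webmail.example": {"203.0.113.66"},
    "portal.example": {"198.51.100.20"},
    "news.example": {"192.0.2.99"},
}
REFERENCE_ANSWERS = {
    "search.example": {"192.0.2.10", "192.0.2.11"},
    "video.example": {"192.0.2.10"},
    "webmail.example": {"198.51.100.5"},
    "portal.example": {"198.51.100.20", "198.51.100.21"},
    "news.example": {"192.0.2.77"},  # differs alone, e.g. CDN steering
}


def compare_resolvers(isp, reference, watchlist):
    """Return (suspect, differs).

    suspect: {ip: hosts} where only the ISP resolver maps hosts of two or
             more operators to the same address.
    differs: hosts whose ISP answer shares no address with the reference
             answer but shows no cross-operator overlap (weak signal).
    """
    hosts_by_ip, mismatched = defaultdict(set), set()
    for host, isp_ips in isp.items():
        if host not in watchlist or isp_ips & reference.get(host, set()):
            continue  # not monitored, or at least one address agrees
        mismatched.add(host)
        for ip in isp_ips:
            hosts_by_ip[ip].add(host)
    suspect = {ip: sorted(hosts) for ip, hosts in hosts_by_ip.items()
               if len({watchlist[h] for h in hosts}) >= 2}
    flagged = {h for hosts in suspect.values() for h in hosts}
    return suspect, sorted(mismatched - flagged)


if __name__ == "__main__":
    print(compare_resolvers(ISP_ANSWERS, REFERENCE_ANSWERS, WATCHLIST))
```

A lone mismatch is reported separately because large sites routinely hand different addresses to different resolvers; the strong signal is one address answering for several unrelated operators.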




Leoparticular said: Anyone knows which are the banks affected
