Web Based Attack To Change Domain Name System

A web-based attack discovered in Brazil aims to change the DNS (Domain Name System) settings in home routers, replacing them with malicious DNS servers that direct users to phishing pages of financial institutions.

The modifications are made by steering the victim to malicious websites carrying adult content, which run scripts in the background. These contain links pointing to local IP addresses that are generally assigned to home routers and a specific DNS configuration.

Some users may be asked to log into the router configuration; this is a clear sign that something is really odd and bad.

“This depends on the strength of the access password, because the scripts also have brute-forcing capability, and they first attempt to guess the credentials on their own.”

It appears that they run pretty basic combinations (admin:admin, root:root and admin:gvt12345), so a complex passcode should cause a login dialog to pop up.

Also present in the scripts are commands for changing the primary and secondary DNS servers.
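
Defenders can look for this pattern in page source captured by a proxy or crawler. The Python below is an added example, not code from the attack or from the researchers; it flags URLs in a page that point at private (RFC 1918) addresses and notes embedded credentials and DNS-looking parameters. The sample page, its path and its parameter names are constructed and hypothetical.

```python
import html
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# RFC 1918 ranges, where home routers usually live (e.g. 192.168.0.1, 10.0.0.1).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def find_router_targeting_urls(page_source):
    """Return one finding per URL in page_source that points at a private IP."""
    findings = []
    for raw in URL_RE.findall(html.unescape(page_source)):
        try:
            parts = urlsplit(raw)
            host = ipaddress.ip_address(parts.hostname or "")
        except ValueError:
            continue  # malformed URL, or a hostname rather than an IP literal
        if not any(host in net for net in RFC1918):
            continue
        # Heuristic (assumption): any query parameter whose name mentions "dns".
        dns_params = [k for k, _ in parse_qsl(parts.query) if "dns" in k.lower()]
        findings.append({
            "host": str(host),
            "credentials": parts.username is not None,
            "dns_params": dns_params,
            # Highest severity: guessed login plus a DNS change in one request.
            "severity": "high" if parts.username and dns_params else "review",
        })
    return findings


# Constructed sample page; the path and parameter names are hypothetical.
SAMPLE = """
<a href="https://example.com/photos">photos</a>
<img src="http://admin:admin@192.168.1.1/hypothetical-setup?dns1=203.0.113.5&amp;dns2=203.0.113.6">
<img src="http://10.0.0.1/logo.png">
"""

if __name__ == "__main__":
    for finding in find_router_targeting_urls(SAMPLE):
        print(finding)
```

A public page has little legitimate reason to reference a private address at all, so even the "review" findings are worth a look.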

Users are tricked into accessing the malicious links via an email claiming to provide photo evidence that the victim was cheated. Kaspersky systems recorded 3,300 clicks on the malicious links, most of them traced to Brazil, although the US, China, Canada and Mexico also appeared on the map.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
