
4.5 million DSL modems hacked in Brazil then users pointed to malicious websites


Image: Screenshot of a forged Google site requesting malware installation.

Kaspersky Lab reported this week that 4.5 million DSL modems in Brazil were hacked last year through a vulnerability that allowed hackers to steal passwords using scripting and then remotely control the devices in order to change their configuration parameters. At some Brazilian ISPs, more than half of the customers were affected by the attack. Once the vulnerability was exploited, the modems were configured to point users to bogus DNS servers that had been set up outside of Brazil and used to serve forged responses to requests for domain names belonging to Brazilian banks and to websites such as MSN, Google and Facebook.

The DNS spoofing was invisible to users. When a user accessed a legitimate site such as Google, the browser correctly showed the domain name google.com, but the name resolved to the IP address of a server that asked the user to install security software before continuing to use “Google’s” service. When the user chose to install the software, malware was installed that allowed the hackers to steal files and capture keystrokes.
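The tampering described above leaves two observable traces: a resolver in the modem's settings that the ISP does not operate, and answers for watched names that fall outside the networks those sites use. The following Python check for both is an added example, not from the original article; the resolver list, domain names and address ranges are constructed sample data.

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical names).
ISP_RESOLVERS = {"192.0.2.53", "192.0.2.54"}   # resolvers the ISP actually operates
EXPECTED_NETS = {                               # networks each watched name should resolve into
    "bank.example": ["198.51.100.0/24"],
    "search.example": ["198.51.100.0/24", "192.0.2.0/24"],
}

def audit_modem_dns(configured_resolvers, answers):
    """Return findings for one modem.

    configured_resolvers: DNS servers read from the modem's WAN/DHCP settings.
    answers: {resolver_ip: {name: [A records that resolver returned]}}.
    """
    findings = []
    for resolver in configured_resolvers:
        # Trace 1: the modem points at a resolver the ISP does not run.
        if resolver not in ISP_RESOLVERS:
            findings.append(("unexpected_resolver", resolver, None))
        for name, records in answers.get(resolver, {}).items():
            nets = [ipaddress.ip_network(n) for n in EXPECTED_NETS.get(name, [])]
            if not nets:
                continue  # name is not on the watch list
            # Trace 2: answer lies outside every network the site is known to use.
            # Comparing against networks rather than exact IPs tolerates CDN rotation.
            bad = [r for r in records
                   if not any(ipaddress.ip_address(r) in n for n in nets)]
            if bad:
                findings.append(("forged_answer", resolver, (name, bad)))
    return findings

# Constructed observations: one untouched modem, one with rewritten DNS settings.
SAMPLE_CLEAN = {"192.0.2.53": {"bank.example": ["198.51.100.10"]}}
SAMPLE_HIJACKED = {
    "203.0.113.66": {"bank.example": ["203.0.113.80"],
                     "search.example": ["203.0.113.81"]},
}

if __name__ == "__main__":
    print(audit_modem_dns(["192.0.2.53"], SAMPLE_CLEAN))
    for finding in audit_modem_dns(["203.0.113.66"], SAMPLE_HIJACKED):
        print(finding)
```

Because the browser shows the correct domain name throughout, checks like this have to run against the modem's settings and the resolver's answers rather than rely on anything the user sees.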

It is unknown which modem manufacturer or models were to blame, but the early rumor points to a flaw in a chipset driver for Broadcom devices. The attack was said to be a Cross-Site Request Forgery (CSRF) attack.

Sources: Naked Security, Kaspersky Lab