Leading Brazilian Bank in Grip of DNS Cache Poisoning Attack
In a recent cyber attack, customers of one of Brazil's biggest banks, Bradesco, are being redirected to fake websites, The Register reported on April 22, 2009. The redirection is the result of a DNS cache poisoning attack targeting the Brazilian Internet service provider NET Virtua.
According to security experts, DNS cache poisoning attacks abuse vulnerabilities in the Internet's domain name system. Internet service providers whose systems are not patched against these flaws are likely to face such attacks. A DNS cache poisoning attack replaces the authentic IP address of a website with a phony one. A user relying on the lookup service is then directed to a malicious site, even though he typed the correct name into the browser.
The attack is aimed at implanting malicious code on users' unpatched PCs and secretly obtaining their passwords. When users attempt to log in to the site, a bogus login page opens and asks for their personal details. Apart from the usual information requested by the bank, this fake, criminal-operated web page also asks for details that are by no means necessary, such as the user's CPF account.
Paul Ferguson, security researcher at Trend Micro, stated that the matter becomes even more critical when it comes to a banking institution, as reported by The Register on April 22, 2009.
According to reports, nearly 1% of the bank's customers have fallen victim to the attack. NET Virtua officials revealed that the attacks commenced on April 4, 2009; however, the Internet service provider has confirmed that the problem has now been resolved.
Security experts noted that this attack technique has existed since the mid-1990s, when security researchers found that a DNS resolver could be bombarded with bogus Internet Protocol addresses. Being highly sophisticated, the attack is difficult to get rid of. It does not always succeed, but when it does, it proves extremely efficient.
The attack can divert user traffic to malicious websites that implant malicious code or masquerade as a trusted bank or other reliable financial institution, thereby stealing users' confidential account details.
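A monitoring check for the address substitution described above, as an added example that is not part of the original report: it compares the answers different resolvers return for a watched name against the address ranges the site owner publishes, and flags any resolver that hands out an address outside them. The domain names, resolver labels and addresses are constructed (documentation ranges), and the baseline table is an assumption about what a bank or ISP would maintain.

```python
import ipaddress

# Constructed baseline: networks the (hypothetical) bank serves its site from.
KNOWN_GOOD = {
    "www.bank.example": ["192.0.2.0/24"],
}

# Constructed observations: (resolver label, queried name, A records returned).
OBSERVATIONS = [
    ("isp-resolver", "WWW.Bank.Example.", ["203.0.113.66"]),
    ("reference-resolver-1", "www.bank.example", ["192.0.2.10"]),
    ("reference-resolver-2", "www.bank.example.", ["192.0.2.10", "192.0.2.11"]),
    ("isp-resolver", "news.example", ["198.51.100.7"]),
]


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def suspicious_answers(observations, known_good):
    """Return (resolver, name, address) for every answer outside the baseline."""
    findings = []
    for resolver, name, addresses in observations:
        nets = known_good.get(normalize(name))
        if nets is None:
            continue  # name is not monitored, so there is no baseline to judge against
        allowed = [ipaddress.ip_network(n) for n in nets]
        for addr in addresses:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                # A malformed answer for a monitored name is itself worth a look.
                findings.append((resolver, normalize(name), addr))
                continue
            if not any(ip in net for net in allowed):
                findings.append((resolver, normalize(name), addr))
    return findings


def resolvers_to_investigate(observations, known_good):
    """Resolvers that returned at least one out-of-baseline answer."""
    return sorted({r for r, _, _ in suspicious_answers(observations, known_good)})


if __name__ == "__main__":
    for resolver, name, addr in suspicious_answers(OBSERVATIONS, KNOWN_GOOD):
        print(f"{resolver}: {name} -> {addr} is outside the published ranges")
```

A flagged resolver is a lead to investigate rather than proof of poisoning, since a stale baseline or a legitimate hosting change produces the same mismatch.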
» SPAMfighter News - 23-04-2009