Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Brazilian Internauts have Cyber-Crooks Compromise their Internet Connections

According to Proofpoint, cyber-criminals by altering the DNS (domain name system) configurations within Internauts' routers in Brazil have been getting hold over such users' online connections recently.

The operations, which are described as pharming assaults, entice victims towards accessing fraudulent websites that normally resemble banking sites within attempts to grab sensitive information such as bank log-in credentials.

Pharming assaults have proved as extremely successful since often they're hard to recognize. In these, the assaulters by changing domain name system configurations in routers make sure that end-users land on a fake website soon as they enter a genuine website's domain name inside the address bar of their browsers. Normally, network-based assaults are the means for compromising the DNS; however, during one recent scam, phishing e-mails too proved successful.

It was during mid-December 2014 when Proofpoint began closely watching the campaign. The company researchers note that a spam mail was involved that seemingly arrived from a major telecommunication company of Brazil. They saw one small-scale spam outbreak running for 4 weeks when close to 100 spam messages were distributed primarily to organizations and individuals in Brazil.

A URL inside those spam mails diverted victims, who followed it, onto web-pages which leveraged cross-site request forgery (CRF) for attacking routers, illegitimately cracking log-in page of the admin via the dispatch of HTTP requests to it till finally the victim entered the right identifiable details.

The attackers used one backup service too that they created for the DNS (domain name service) belonging to them for utilization within the assault whose function began when the main malevolent DNS got disturbed for eschewing any suspicion by the victim.

When receiver of the phishing e-mail followed the web-link while there would occur successful exploitation of the vulnerability, all PCs connected to the compromised router would apparently experience them requesting one malevolent DNS server for seeking hostname of no particular one, online, the security company explains.

With carrying out the attack effectively, it was now possible for the hacker towards intercepting the online conversations, enabling them to gain hold over confidential data, particularly from websites, e-mail communications, along with passwords and logins.

» SPAMfighter News - 3/4/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page