Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Ghostdns Attack Compromised Over 100K Routers

 

The DNS settings of 100,000-and-more routers recently got modified so that end-users would get diverted onto phishing sites. When end-users attempted at logging into Brazilian banks' e-banking sites the diversion took place.

 

Report about the outbreak first came from Radware a security company during August. From that time, the attack widely increased in form from generally striking end-users who utilized DLink DSL routers and further on end-users who utilized 70-or-more separate kinds of household modem routers.

 

The Netlab team of Qihoo 360 a Chinese security company describes the outbreak as GhostDNS campaign wherein 88 percent of the modems which were hit are situated inside Brazil.

 

Netlab, reportedly of late, noticed an enormous rise in attackers trying to hijack routers having no passwords else weak ones. Such attackers attempt at loading an edition of DNSChanger, an earlier known exploit that compromised DNS settings inside routers followed with altering their default configurations, such that traffic would get diverted onto certain malicious server.

 

When end-users try connecting with banks, they're taken onto one phishing server through the malicious server. The phishing server runs web-pages which imitate but aren't the banks' real A/C login pages. At present the malicious server runs 52 websites' fake pages for enabling phishing. These websites are of banks, a cyber-security company, Netflix, and cloud service vendors.

 

Within cases the attackers failed cracking the router passcodes, they've been utilizing an exploit -dnscfg.cgi of the past for remotely modifying configurations of DNS server through targeted routers devoid of authenticating them.

 

As different from earlier DNSChanger attacks, the GhostDNS campaign relies on 3 more sub-modules namely PyPhp DNSChanger, Js DNSChanger, and Shell DNSChanger.

 

Written with the programming language Shell, the Shell DNSChanger contains 25 Shell codes created to attack 21 firmware packages' else routers' passcodes. The Js DNSChanger written with the JavaScript language includes ten JS scripts to crack 6 firmware packages' else routers' passcodes. And written with PHP and Python programming languages, the PyPhp DNSChanger happens to be the most dangerous by getting installed onto 100-or-more servers of Google Cloud which the attackers use for uninterrupted scrutiny of the Internet for spotting weak routers

» SPAMfighter News - 10/11/2018

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next