Enormous Cyber Assault Target Brazilian ISPs

Malware attacks possibly targeted innumerable online operators within Brazil following the modification of the ISPs' DNS caches whose services they subscribed and which after modification diverted them onto cyber-criminal controlled severs, published 'Virus BULLETIN' on November 7, 2011.

Writing in the personal blog, lab researcher Fabio Assolini stated that during the 1st-week of November 2011, Brazilian users browsing web-forums frantically sought assistance when they were diverted onto malicious sites instead of their intended sites like Hotmail, Gmail, YouTube along with leaders of local markets, these being, Globo, Terra and UoL. Securelist published the blog posting on November 7, 2011.

If subscribers try to access Google.com say via any of the modified ISPs, they may get diverted onto a website, which makes them necessarily load a Java script so they may proceed. The script, however, is malicious software. In particular, it's one banker Trojan that Brazilian attackers prefer to use less.

Recently, the federal police of Brazil detained an employee, aged 27, belonging to a mid-sized Internet Service Provider within the country's southern region. Understandably, for approximately a 10-month period, that person utilized his ability for changing the DNS cache of his company owner that in turn compelled the company's clients for accessing the banker Trojan-producing malevolent server.

The Internet Protocol address through which the exploit is hosted supports several other exploits too like files, which make efforts for abusing security flaws within Java (previous editions), a usual technique related to drive-by downloads.

Security researchers have stated that it's already some time since the attack is being waged whose impact may be pretty extensive considering how much the problem could generate harm. It's not known exactly how many victims were trapped; however, about 73m users' computers accessed the Brazilian Internet, while the most highly-rated ISPs of Brazil serve approximately 3-4m subscribers each.

Assolini recommended all subscribers who were impacted that they should make their anti-virus as well as other software up-to-date like Java and further alter Google and other providers' DNS configurations. During assaults on network computers, it was advisable that the router's firmware be made up-to-date, while altering passwords that were there by default, he added.

Related article: Enormous Computer Breaches Hit Greenville County

» SPAMfighter News - 11/14/2011