Ghostdns Attack Compromised Over 100K Routers
The DNS settings of 100,000-and-more routers recently got modified so that end-users would get diverted onto phishing sites. When end-users attempted at logging into Brazilian banks' e-banking sites the diversion took place.
Report about the outbreak first came from Radware a security company during August. From that time, the attack widely increased in form from generally striking end-users who utilized DLink DSL routers and further on end-users who utilized 70-or-more separate kinds of household modem routers.
The Netlab team of Qihoo 360 a Chinese security company describes the outbreak as GhostDNS campaign wherein 88 percent of the modems which were hit are situated inside Brazil.
Netlab, reportedly of late, noticed an enormous rise in attackers trying to hijack routers having no passwords else weak ones. Such attackers attempt at loading an edition of DNSChanger, an earlier known exploit that compromised DNS settings inside routers followed with altering their default configurations, such that traffic would get diverted onto certain malicious server.
When end-users try connecting with banks, they're taken onto one phishing server through the malicious server. The phishing server runs web-pages which imitate but aren't the banks' real A/C login pages. At present the malicious server runs 52 websites' fake pages for enabling phishing. These websites are of banks, a cyber-security company, Netflix, and cloud service vendors.
Within cases the attackers failed cracking the router passcodes, they've been utilizing an exploit -dnscfg.cgi of the past for remotely modifying configurations of DNS server through targeted routers devoid of authenticating them.
As different from earlier DNSChanger attacks, the GhostDNS campaign relies on 3 more sub-modules namely PyPhp DNSChanger, Js DNSChanger, and Shell DNSChanger.
» SPAMfighter News - 10/11/2018
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!