Massive DNS poisoning attack in Brazil serving exploits and malware

Summary: Security researchers from Kaspersky Lab have detected a massive DNS poisoning attack, affecting Brazilian ISPs.

When attempting to visit a legitimate web site such as www.google.com.br, users are exposed to malicious file downloads alongside client-side exploits, CVE-2010-4452 in particular.

Kaspersky's Fabio Assolini comments:

Brazil has some big ISPs. Official statistics suggest the country has 73 million computers connected to the Internet, and the major ISPs average 3 or 4 million customers each. If a cybercriminal can change the DNS cache in just one server, the number of potential victims is huge.

Last week Brazil’s web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened.

Attackers who cannot directly compromise the infrastructure of a trusted web site, such as Google in this case, often turn to alternative methods for abusing it. Whether by modifying a particular site's DNS records through social engineering or by direct DNS cache poisoning, their main objective remains the abuse of high-traffic web sites.

Affected users are advised to "update antivirus and all software in the computer (such as Java), also change the DNS configuration to other providers".
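
One way to check whether an ISP resolver hands out different addresses than other DNS providers before switching, as an added example that is not part of the original post. The resolver labels, domain and addresses used with it are constructed (RFC 5737 documentation ranges), and `ask` is the only function that touches the network.

```python
import secrets, socket, struct

def build_query(name, txid):
    """Encode a recursive A/IN query (RFC 1035 wire format)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Offset just past a name, which may end in a 2-byte compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, txid):
    """IPv4 addresses in the answers of a response that matches our txid."""
    rid, flags, qd, an = struct.unpack(">HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off, ips = 12, set()
    for _ in range(qd):
        off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A / IN / 4 bytes
            ips.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return ips

def ask(server, name, timeout=3.0):
    """Live lookup against one resolver over UDP (not exercised offline)."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))                   # only accept replies from this peer
        s.send(build_query(name, txid))
        return parse_a_records(s.recv(4096), txid)

def divergent(answers, references):
    """Resolvers whose answers share no address with any reference resolver."""
    trusted = set().union(*(answers[r] for r in references))
    return sorted(r for r, ips in answers.items()
                  if r not in references and ips and not ips & trusted)

def constructed_response(name, ips, txid):
    """Constructed sample data (not captured traffic): answers point at the question name."""
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) for ip in ips)
    return struct.pack(">HHHHHH", txid, 0x8180, 1, len(ips), 0, 0) + build_query(name, txid)[12:] + rrs
```

Large sites legitimately return different addresses to different resolvers, so a resolver flagged by `divergent` is a lead to verify (for example, by checking who owns the address), not proof of poisoning.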


About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
