Hack Against ISP Hijacks Bank, Google Adsense
Hackers hijacked a major Brazilian ISP this month in a sophisticated attack that silently served up malicious software and phishing scams to more than a million customers.
According to Brazilian news outlet Globo.com, unknown attackers hijacked the domain name system (DNS) records for NET Virtua, a broadband provider that serves at least 1.4 million customers in the region.
NET Virtua's DNS records reportedly were hijacked on April 11, so that customers who visited any site that ran Google Adsense content were redirected to a site that tried to install and run a Java applet that in turn installed a Trojan horse program.
Globo.com said the attackers also took aim at Bradesco, one of Brazil's largest financial institutions. NET Virtua customers who tried to visit Bradesco.com.br during the four hours the DNS records were hijacked were redirected to a counterfeit version of the site designed to steal customer credentials, the story notes.
Giovana Battiferro, a spokesperson for NET, said in a statement e-mailed to Security Fix that the company "did all the necessary technical tests and didn't find any occurrence" of a DNS hijacking. The Globo.com story, meanwhile, cites a NET ombudsman as acknowledging that at least 1 percent of its customer base was affected.
Ronaldo Castro de Vasconcellos, who helps maintain Securityguys.com.br, a mailing list of Brazilian penetration testers and other security professionals, told Security Fix that lookups he conducted while the attack was underway show that visitors to Bradesco's bank were redirected to a Web site in South Korea.
DNS is akin to the White Pages for the Internet, mapping domain names, like example.com, to numeric Internet addresses. Just as people typically move to a new home every so often, Web sites sometimes change their numeric address. DNS is what helps your Web browser find a site like example.com no matter how many times example.com changes its numeric address.
DNS based attacks can be devastating because they undermine everything we take for granted about Web browsing. Late last year, attackers hijacked the DNS records of Checkfree.com, the largest online bill-paying service, redirecting would-be visitors to a site in Ukraine that served up malicious software.
Also, changes to DNS records take time to propagate out across the Internet, so poisoned DNS records can remain cached at various locations around the Web for up to 48 hours after the affected entity has been fixed.
An excellent, free service that can help protect against these attacks -- no matter which network you happen to be on -- is OpenDNS. It will not prevent all types of DNS hijacking attacks, such as the Checkfree.com attack (where the company's DNS records were altered at the domain registrar level). But in my opinion, it's far safer than accepting whatever DNS records the network you happen to be on decides to hand to you.
If you have questions about this DNS attacks, or any other tech or security matter, join me today at 11 a.m. for a live Web chat.
April 24, 2009; 7:33 AM ET
Categories: Latest Warnings , Safety Tips | Tags: NET Virtua, bradesco, dns hijack, opendns
Save & Share: Previous: Earthlink Outage Blamed on Earth Day Power Failure
Next: Planting Your Flag at Social Networking Sites
Posted by: eiverson1 | April 24, 2009 12:23 PM | Report abuse
Posted by: datadefender | April 24, 2009 7:16 PM | Report abuse
Posted by: geebee2 | April 30, 2009 11:37 AM | Report abuse
The comments to this entry are closed.