blog
DNS servers for Brazilian ISP hacked
In mid-April, unidentified criminals poisoned the DNS servers operated by NET Virtua, a Brazilian ISP that serves 1.4 million customers. Several high value domains, including domains belonging to Google and to a major Brazilan bank, were poisoned. When DNS is poisoned, visitors attempting to navigate to a website using the legitimate URL are unwittingly redirected to a mailicious website instead. NET Virtua reported that at least 14,000 of its customers were exposed to the poisoned DNS information.
The main domain for Bradesco, one of Brazil's largest financial institutions, was poisoned. As a result, visitors looking for the Bradesco site were instead redirected to a malicious web site, apparently hosted in South Korea, that spoofed the look and feel of the real Bradesco site in an attempt to steal users' login credentials and other personal information.
The criminals also poisoned the domain for Google AdSense in Brazil and redirected it to a site that attempted to download malware onto a visitor's computer. Since that AdSense domain is used by any site that presents Google's Brazilian ads, those sites were effectively turned into distribution points for the malware.
Leave a comment
Categories
Archives
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- December 2009
- November 2009
- July 2009
- April 2009
- November 2002