HackDig : Dig high-quality web security articles for hacker

Home Router DNS Settings Changed via Web-Based Attack

2014-09-04 19:20
A web-based attack detected in Brazil aims to change the Domain Name System (DNS) settings in home routers with malicious DNS servers that direct to phishing pages of financial institutions.

The modifications are made by steering the victim to malicious websites carrying adult content, which run scripts in the background. These contain links pointing to local IP addresses that are generally assigned to home routers and a specific DNS configuration (“dsncfg.cgi”).

Some users may see a request to log into the router configuration, Fabio Assolini from Kaspersky says in a blog post; this is a clear sign that something is not right.

However, this depends on the strength of the access password, because the scripts also have brute-forcing capability, and they first attempt to guess the credentials on their own. 

It appears that they run pretty basic combinations (admin:admin, root:root and admin:gvt12345), so a complex passcode should cause a login dialog to pop up.

Also present in the scripts are commands for changing the primary and secondary DNS servers.

Users are tricked into accessing the malicious links via an email claiming to provide photo evidence that the victim was cheated. Kaspersky systems recorded 3,300 clicks on the malicious links, most of them traced to Brazil, although the US, China, Canada and Mexico also appeared on the map.


Source: lmths.866754-kcattA-desaB-beW-aiV-degnahC-sgnitteS-SND-retuoR-emoH/swen/moc.aideptfos.swen

Read:1943 | Comments:0 | Tags:Security

“Home Router DNS Settings Changed via Web-Based Attack”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud