Only Brazilian internet users were targeted by the operation

Nov 8, 2011 07:32 GMT

Brazilian internet service providers have fallen victim to a massive DNS poisoning attack, with their account holders being redirected to malicious websites whenever they tried to access services like YouTube, Hotmail or Gmail.

According to Kaspersky's SecureList, in some cases even company network devices were hit remotely, being configured to execute a Java applet every time a website was opened.

ISPs in Brazil have on average between 3 and 4 million customers, which means that such an attack can have disastrous effects.

In this particular situation, each time a user tried to access a website such as Uol, Terra or Globo, or even more popular ones such as Google, they were instantly taken to a site that served a malicious file.

For instance, when Google was accessed, a pop-up appeared on the screen, urging users to install a tool called Google Defence, which was allegedly needed for the site's functionality. Instead of a utility, the downloaded file hid a Trojan, detected by Kaspersky as a piece of malware that targets bank accounts.

The attack, which relies on an exploit hosted on a server controlled by the cybercriminals, makes use of a vulnerability in old versions of Java to run arbitrary code and serve one of the malicious executable files, depending on the site the victim was trying to access.

As it turns out, a 27-year-old man employed at one of the country's ISPs was arrested for being implicated in the scheme. It seems he had been doing his evil work for more than 10 months, redirecting unsuspecting users to phishing websites.

These attacks could have easily been prevented by up-to-date antivirus software and an updated version of Java, so make sure to install new versions of your programs, as in most cases they come with crucial security patches that can save your device and your assets.