A DNSChanger-like threat first highlighted a couple of months ago, in August, on D-Link routers in Brazil has spread to affect more than seventy different devices and more than 100,000 individual pieces of kit. Radware first identified the current campaign, which began as an attack on Banco de Brasil users via a DNS redirection that sent people to a lookalike website that stole their credentials.
Now, Qihoo’s Netlab 360 folk have warned that the threat, which they have dubbed GhostDNS, is “starting to ramp up its effort significantly with a whole bunch of new scanners.”
The hackers attempt to gain control of the target machines either by guessing the web admin password, or through a vulnerable DNS configuration CGI script (dnscfg.cgi). If they gain control of a device, they change the router's default DNS server to their own “rogue” machine.
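A defender-side check for the DNS change described above, as an added example that is not from the original article or from Netlab 360: it parses resolver settings as a client behind the router receives them (resolv.conf syntax) and flags any nameserver outside an expected set. The sample configuration, its addresses (documentation ranges) and the `EXPECTED_RESOLVERS` allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver settings as handed to a client by the router.
SAMPLE_RESOLV_CONF = """\
# pushed by DHCP from the home router
nameserver 192.0.2.53
nameserver 203.0.113.77
nameserver 127.0.0.53
search lan
"""

# Assumption: the resolvers this network is supposed to use (ISP or own).
EXPECTED_RESOLVERS = ["192.0.2.0/24", "2001:db8:53::/48"]


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
        except ValueError:
            continue  # malformed address, ignore it
    return servers


def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Classify each configured resolver as expected, local-stub or unexpected."""
    nets = [ipaddress.ip_network(n) for n in expected]
    report = {}
    for addr in parse_nameservers(text):
        if addr.is_loopback:
            # A local stub forwards elsewhere; its upstream must be checked too.
            report[str(addr)] = "local-stub"
        elif any(addr.version == n.version and addr in n for n in nets):
            report[str(addr)] = "expected"
        else:
            report[str(addr)] = "unexpected"
    return report


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{server:20} {verdict}")
```

An "unexpected" verdict only says the resolver is not on the allowlist; confirming a hijack still means checking the DNS setting on the router itself.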
The post stated that, at this stage, the redirection campaign is heavily focused on Brazilian websites, close to 88 percent of the compromised devices are in Brazil, and the rogue DNS servers ran on Google, Oracle, Hostkey, Amazon, Aruba, Multacom, Telefonica, and OVH. Compromised kit has also been identified in the US, Argentina, Bolivia, Mexico, Russia, Venezuela, Saint Maarten, and a few other countries.
Google, Oracle and OVH have kicked the hackers off their infrastructure, and the post stated that the others are working on it.
The Netlab 360 analysts have listed the following vendors as vulnerable: 3Com*, A-Link, Alcatel/Technicolor, Antena, C3-Tech, Cisco, D-Link, Elsys, Fiberhome, Fiberlink, Geneko, Greatek, Huawei, Intelbras, Kaiomy, LinkOne, MikroTik, MPI Networks, Multilaser, OIWTECH, Perfect, Qtech, Ralink, Roteador, Sapido, Secutech, Siemens, Technic, Tenda, Thomson, TP-Link, Ubiquiti, Viking, ZTE, and Zyxel (* Yes, we realize 3Com is a name long gone from the shelves; The Register speculates that since the vendor list is compiled by querying the compromised device, 3Com’s name survives in some HP devices’ firmware).