DSL modem hack used to infect millions with banking fraud malware
By: Dan Goodin, Ars Technica

Millions of Internet users in Brazil have fallen victim to a
sustained attack that exploited vulnerabilities in DSL modems, forcing
people visiting sites such as Google or Facebook to reach imposter sites
that installed malicious software and stole online banking credentials,
a security researcher said.

The attack, described late last week during a presentation
at the Virus Bulletin conference in Dallas, infected more than 4.5
million DSL modems, said Kaspersky Lab expert Fabio Assolini, citing
statistics provided by Brazil's Computer Emergency Response Team. The
CSRF (cross-site request forgery) vulnerability allowed attackers to use
a simple script to steal passwords required to remotely log in to and
control the devices. The attackers then configured the modems to use
malicious domain name system servers that caused users trying to visit
popular websites to instead connect to booby-trapped imposter sites.