Major DNS Cache Poisoning Attack Hits Brazilian ISPs

MrBrian · Nov 7, 2011

From http://threatpost.com/en_us/blogs/major-dns-cache-poisoning-attack-hits-brazilian-isps-110711:

There is a large-scale DNS cache-poisoning attack going on in Brazil at the moment, with potentially millions of users affected by a tactic that is forcing the to install a malicious Java applet before they can reach many popular sites, including Google, Gmail and Hotmail.
Click to expand...

Hungry Man · Nov 7, 2011

Easiest mitigation - don't live in Brasil.

That's pretty nuts though.

elapsed · Nov 7, 2011

Hungry Man said:

Easiest mitigation - don't live in Brasil.

That's pretty nuts though.
Click to expand...

You're kidding, right? The easiest mitigation is not using your ISP's DNS servers, but a better alternative such as NortonDNS or OpenDNS.

Though, that won't help against this:

He added that some enterprises in the country also had reported that their routers and internal networking devices had been compromised and the attackers had modified the DNS configurations in order to force users to malicious sites.
Click to expand...

Which could be caused by a number of things including holes in the router OS, weak passwords, or even allowing remote management.

wat0114 · Nov 7, 2011

[...] with potentially millions of users affected by a tactic that is forcing the to install a malicious Java applet before they can reach many popular sites, including Google, Gmail and Hotmail.
Click to expand...

Forced how? By gunpoint? Threats against family members?

So when users attempt to connect to a site such as Google through one of the affected ISPs, they are redirected to a site that insists they install a small Java applet in order to continue. That applet, of course, is malware.
Click to expand...

Nothing more than social engineering. The easiest solution, it would seem, is don't click on the applet!

It asks the customer to download and install the so-called “Google Defence” software required to use the search engine.
Click to expand...

Whoaa! this seems frightening...tough to defend against this kind of ruse

hogndog · Nov 8, 2011

Think I'll saddle up and go over yonder to the Comodo forums and see how their secure DNS is holding up..

Hogndog

I'm counting on their brand of firewall secure DNS with Defense +

hogndog · Nov 9, 2011

I picked up this tip for your Comodo Firewall settings that's if you use a Comodo Firewall..

http://www.techsupportalert.com/content/how-install-comodo-firewall.htm#Configure Defense / Sandbox

Hogndog

I add Defense +

m00nbl00d · Nov 9, 2011

wat0114 said:

Forced how? By gunpoint? Threats against family members?
Click to expand...

You'd be surprised.

Searching_ _ _ · Nov 13, 2011

This may be related [thread]311999[/thread]

Log in or Sign up

Major DNS Cache Poisoning Attack Hits Brazilian ISPs

MrBrian Registered Member

Hungry Man Registered Member

elapsed Registered Member

wat0114 Guest

hogndog Registered Member

hogndog Registered Member

m00nbl00d Registered Member

Searching_ _ _ Registered Member

Log in or Sign up

Major DNS Cache Poisoning Attack Hits Brazilian ISPs

MrBrian Registered Member

Hungry Man Registered Member

elapsed Registered Member

wat0114 Guest

hogndog Registered Member

hogndog Registered Member

m00nbl00d Registered Member

Searching_ _ _ Registered Member

Useful Searches