By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.

Attackers are targeting DLink DSL modem routers in Brazil and exploiting them to change the DNS settings to a DNS server under the attacker's control. This then allows them to redirect users attempting to connect to their online banks to fake banking websites that steal the user's account information. According to research by Radware, the exploit being used by the attackers allows them to perform remote unauthenticated changes to DNS settings on certain DLink DSL modems/routers. This allows them to easily scan for and script the changing of large amounts of vulnerable routers so that their DNS settings point to a DNS server under the attacker's control. When users visit the fake websites, they will look almost identical to the original banking site. At the fake site, though, they will be asked for the bank agency number, account number, eight-digit pin, mobile phone number, card pin, and a CABB number. This information is then collected by the attackers. Complete details can be found on OUR FORUM.