    DSL Modem Flaw Lets Attackers Infect Millions of Computers in Brazil

    By Brian Prince - October 2, 2012

      An ongoing cyber-attack has affected millions of Internet users’ computers in Brazil by exploiting vulnerabilities in their DSL modems, a security researcher said.

      Kaspersky Lab researcher Fabio Assolini detailed the attack last week at the Virus Bulletin conference, which was held Sept. 26 to 28 in Dallas. According to Assolini, attacks have been underway since at least 2011 and have flown largely under the radar even as countless users have been redirected to malicious Websites.

      “All too often network equipment devices are forgotten—once installed and configured, most users or businesses do not worry about applying firmware updates provided by manufacturers,” he blogged. “Even the simplest failure can affect thousands of users, who are silently attacked and prompted to inadvertently install malware or steered into phishing domains.”

      “Without much fanfare, a vulnerability showing a flaw in a specific modem was revealed in March 2011,” he continued. “That failure allowed remote access to a DSL modem model. No one knows exactly when criminals began exploiting it remotely. The flaw allows a Cross Site Request Forgery (CSRF) to be performed in the administration panel of the DSL modem, capturing the password set on the device and allowing the attacker to make changes, usually in the DNS servers.”

      The problem is not related to a particular model or manufacturer, but is instead tied to the chipset driver that performs the main functions of the equipment and is bought by modem manufacturers who use it in consumer products, he explained. Kaspersky Lab would not publish the names of the vendors and models affected, but told eWEEK that the affected vendors are all aware of the problem.

      “All the affected devices have in common a Broadcom chipset, used by several manufacturers, including modems approved by the National Telecommunications Agency of the Brazilian government and sold in Brazil,” he blogged. “Interestingly not all devices using Broadcom chips have this problem, but there is no precise data about which versions and equipment are affected.”

      Cyber-criminals used bash scripts executed on a dedicated server to search the Web for exposed modems. Whenever the attackers found a vulnerable modem, they attempted to exploit the flaw. To help with the attack, the cyber-criminals set up 40 malicious DNS servers on different hosting services. There were recorded attacks on DSL modems from six manufacturers, five of which are widely marketed in Brazil, he explained. He noted that in March CERT Brazil said the attacks had compromised about 4.5 million modems. Some 300,000 of those modems were still compromised as of March.

      “The first thing users may have noticed is that they would visit legitimate Websites such as Google, Facebook and Orkut (a Google social network which is particularly popular in Brazil) and would be prompted to install software,” blogged Graham Cluley, senior technology consultant with Sophos.

      “The end result is that many Brazilian users downloaded code, mistakenly believing they were from websites they trusted, including: br.msn.com/ChromeSetup.exe; facebook.com.br/ChromeSetup.exe; facebook.com/ChromeSetup.exe; facebook.com.br/Activex_Components.exe; and many more,” he continued.

      “In some cases, the attackers didn’t even have to use such social engineering to trick users into installing the software,” Cluley added. The attackers simply exploited Java vulnerabilities to plant malicious code that was stealthily downloaded onto unwitting victims’ computers from what should have been the trustworthy Websites they normally visited, he said.

      According to Assolini, there is not much users can do to avoid this kind of attack beyond using strong passwords, checking their security settings and updating their firmware when patches are available.

      “The rest,” he wrote, “is squarely in the hands of the vendors—the only people who can change the devices’ designs.”
