Red Security

Full Version: Brazil Target of New DNSChanger Botnet
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
[Image: botnet-600x450.jpg]

    We are starting off the month of October with over 100,00 routers in Brazil under attack by a new botnet. This one dubbed [GhostDNS] as it is designed to attack vulnerable routers with specially made modules that contain a plethora of malicious scripts. Once these routers are breached, it goes about changing the router DNS settings and replacing it with servers that they owned. 


    Now this particular malware is similar to the [DNSChanger]  https://thehackernews.com/2016/12/dnscha...lware.html campaign that breached routers with the same goal in mind; alter DNS settings. This botnet has mainly targeted Brazil's banking sector. This is a large scale campaign, and one that may have already hijacked an untold amount of user data. 

    In case you aren't planning on becoming a victim of GhostDNS, there were recommendations to ensure that your router is running the latest firmware, and setting a strong password for your router web portal, as well you could also change your default IP address, or disable your remote administration. 

    <<Let me know what you think, comment if you want>>

---- Sh7nk-Z0id