Compromised Brazilian Website Used to Hack Routers at Home

Theregister.co.uk reported on 15th September, 2014 quoting Fioravante Souza, Security Researcher of web security outfit Sucuri, as saying "A well-known Brazilian newspaper namely, Politica Estadao, website has been hacked by attackers with malware which attacked home routers of readers."

Attackers fixed iFrames in the website of the daily which started brute force password guessing attacks against users as and when loaded.

Souza says that attackers intended to change the settings of DNS on hacked routers writing that "...the payload was undertaking the user admin, gvt, root and some other usernames with the default passwords of the router. The script is then used to find the local IP address of your computer and it begins to guess the router IP by passing it as a variable to another script. iFrames tried to change the configuration of DNS on DSL router of the victim by brute forcing the admin credentials."

The code of attack was manipulated to target Internet Explorer which attacked IP addresses on local network range of reader including '192.168.0.1' and '192.167.1.1'.

Souza analyzed and revealed that the concealed iFrame injection loads matter from laspeores (.)com(.ar.).Threatpost.com reported on 12th September, 2014 quoting Souza as saying "A second iFrame is consequently loaded and pulls matter from vv2(.)com, a URL shortener, and 3rd iFrame then loads with tainted JavaScript redirecting to a third website."

Hackers know very well that small business and home routers have shortcomings as most of them do not have sufficient fixing and have weak or default passwords.

Hence, an attacker can redirect router traffic and can conduct any number of bonus attacks putting credentials, banking, email and other kind of transactions at risk.

The number one distribution mechanism for malware has been Websites for a while which has been the evolution in attacks. It's not likely that this will end soon and hence you have to be vigilant ad prepared. You have to remember that your personal online security is as important as your website security.

Experts conclude that you should disable the execution of JavaScript on browsers or disable play options for objects in the browser to minimize such attacks.

» SPAMfighter News - 9/22/2014