The tale of one thousand and one ADSL modems

Fabio Assolini, Kaspersky Lab

One firmware vulnerability, two malicious scripts, three hardware manufacturers, 35 malicious DNS servers, thousands of compromised ADSL modems, millions of victims.

It sounds like the trailer for a Hollywood blockbuster, but it's the real story of Brazil's biggest cybercriminal attack, affecting local ISPs and ADSL modems and exposing millions of customers of the country's leading banks to a mass drive-by pharming attack.

In this presentation we will show how Brazilian cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated ADSL modems across the country. This enabled an attack on network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. It was an unbelievable scenario, fuelled by widespread neglect by ISPs, blunders by hardware manufacturers, under-educated users and official apathy. Thousands of desperate, confused customers ended up looking for advice and solutions from the tech support of anti-malware companies.

We will also undertake a deep analysis to examine how anti-virus companies lack the capacity to detect exploits which attack network devices, and explore ways of dealing with the problem.
