
Brazilian ISPs Hit With Massive DNS Attack

Soulskill posted more than 2 years ago | from the going-for-the-gusto dept.

Security 85

wiredmikey writes "Millions of people in Brazil have potentially been exposed to malware, as a result of a nationwide DNS attack. Additionally, several organizations in Brazil are reporting that network devices are also under attack. After being compromised remotely, scores of routers and modems had their DNS settings altered to redirect traffic. In those cases, when employees of the affected companies tried to open any website, they were asked to execute a malicious Java applet, which would install malware presented as 'Google Defence' software."


Millions Exposed to Malware? (0)

masternerdguy (2468142) | more than 2 years ago | (#37978668)

Sounds kind of sticky.

Re:Millions Exposed to Malware? (0)

Anonymous Coward | more than 2 years ago | (#37979010)

No - Brazilians exposed to malware.

After all... (2)

inexia (977449) | more than 2 years ago | (#37978680)

You're just another BRIC in the wall.

Re:After all... (1)

nazsco (695026) | more than 2 years ago | (#37981268)

The only clever joke here and no score...

Also, either that was an inside job because of a cyber crime bill to be voted on there soon, or China decided to take easier targets.

Creating a massive botnet? (4, Interesting)

randomErr (172078) | more than 2 years ago | (#37978688)

Sounds like someone is creating a massive botnet for something much bigger or just putting out a warning message. The question is what?

Re:Creating a massive botnet? (1)

RandomFactor (22447) | more than 2 years ago | (#37978742)

What is doubtless money, and someone is in jail already.

Insider jobs at ISPs have always had a lot of potential reach and this demonstrates that.

Re:Creating a massive botnet? (1)

ackthpt (218170) | more than 2 years ago | (#37978776)

Sounds like someone is creating a massive botnet for something much bigger or just putting out a warning message. The question is what?

Perhaps they want to try to create bots to replace the large number they have been losing of late. e.g. [slashdot.org]

Re:Creating a massive botnet? (1)

Smallpond (221300) | more than 2 years ago | (#37978996)

My mail server blocks many .br addresses due to the constant spam, but br is no worse than .ar, .cn, or .pl. Maybe someone is sending a message. Though I can't imagine anybody getting that worked up over email spam these days; maybe 10 years ago.

Re:Creating a massive botnet? (0)

Anonymous Coward | more than 2 years ago | (#37979012)

My mail server blocks many .br addresses due to the constant spam, but br is no worse than .ar, .cn, or .pl. Maybe someone is sending a message. Though I can't imagine anybody getting that worked up over email spam these days; maybe 10 years ago.

Don't worry. That weird guy APK who has an account and for some reason still prefers to post anon... he will tell you how to fix the world with HOSTS files!

According to him a new /etc/hosts file can mend everything but a broken heart. Maybe it can fix that too. You never know and that's the fun!

Re:Creating a massive botnet? (1)

Zontar The Mindless (9002) | more than 2 years ago | (#37979636)

Shhhhhh! Speak of the trolls, and they are standing in the entryway!

Re:Creating a massive botnet? (0)

Anonymous Coward | more than 2 years ago | (#37983332)

Excuse me, what do you have against Poland?

Re:Creating a massive botnet? (1)

Smallpond (221300) | more than 2 years ago | (#37985310)

Nothing. Just the Polish ISP tpnet.pl generates massive spam.

Re:Creating a massive botnet? (1)

Anachragnome (1008495) | more than 2 years ago | (#37979694)

"Sounds like someone is creating a massive botnet for something much bigger or just putting out a warning message. They question is what?"

This quote from the first of the linked articles might provide a possible answer...

"We advise all affected users to update antivirus and all software in the computer (such as Java), also change the DNS configuration to other providers (such as Google DNS)...."

Google using their own name in the Trojan would, in my mind, be a masterful example of misdirection--nobody would possibly believe that they would intentionally point the finger at themselves. Genius. Pretty cheap too if all it took was paying off a 27-year old ISP employee.

Re:Creating a massive botnet? (0)

Anonymous Coward | more than 2 years ago | (#37980804)

nobody would possibly believe that they would intentionally point the finger at themselves.

What if that's what the people who made the virus wanted you to think (that Google did it)?

Re:Creating a massive botnet? (0)

Anonymous Coward | more than 2 years ago | (#37985254)

No, there is some sort of cybercrime bill trying to get through their congress right now. Nearly the same thing happened the last time this bill was attempted to get passed.

The modern world sucks. (2)

orphiuchus (1146483) | more than 2 years ago | (#37978700)

Computers may be twice as fast as they were in 1973, but I would kill to go back and live in a time where you had to actually break into my house to steal from me.

Re:The modern world sucks. (0)

Anonymous Coward | more than 2 years ago | (#37978724)

Before banks?

Re:The modern world sucks. (1)

ackthpt (218170) | more than 2 years ago | (#37978804)

Before banks?

Before governments?

Re:The modern world sucks. (2)

Tsingi (870990) | more than 2 years ago | (#37978962)

Before banks?

Before governments?

Before corporations?

Re:The modern world sucks. (3, Insightful)

Lennie (16154) | more than 2 years ago | (#37979048)

I've noticed a pattern.

Usually I like companies better if they are not publicly traded at the stock market.

Publicly trading companies always seem too much focused on the short term.

Re:The modern world sucks. (2)

lgw (121541) | more than 2 years ago | (#37979604)

Yes, those evil corporations. They offer me products I want at prices I am willing to pay and that's just the same as stealing. It's totally evil.

Re:The modern world sucks. (1)

lister king of smeg (2481612) | more than 2 years ago | (#37981086)

I would mod you up if I had the points.

Re:The modern world sucks. (1)

Dionysus (12737) | more than 2 years ago | (#37982536)

Don't you know, stuff I want wants to be free!!

Re:The modern world sucks. (0)

Anonymous Coward | more than 2 years ago | (#37982932)

They also poison my groundwater, subvert the democratic process, redefine words through propaganda, lobby for starting wars, erode concepts previously thought sacrosanct like "property" and "privacy"

But, hey, you go right ahead and believe that the government is the source of all your evils. Pay no attention to the wielder of the puppet.

Re:The modern world sucks. (1)

imric (6240) | more than 2 years ago | (#37985028)

That can't be! Corporations are guided by a magic invisible hand so that everything they do is beneficent! And if one does something that has negative effects by accident, the magic invisible hand gently guides them back onto the track of truth! Have a little Faith, man! Any human tragedy that happens while the magic invisible hand does its work is surely an acceptable loss that only does good to all of us in the long run!

VonMises, Cato and CEI forever, A-men.

Now bend over for your blessings from the Koch Brothers, everyone, then pass the collection plate.

Re:The modern world sucks. (0)

Anonymous Coward | more than 2 years ago | (#37978866)

Twice?

Re:The modern world sucks. (2)

rubycodez (864176) | more than 2 years ago | (#37978956)

Fraud and forgery are very old problems, don't need a computer for them.

Twice as fast? The 0.3 MIPS 8080 vs. a thousands or tens of thousands of MIPS per core processor of today is a much bigger jump. Or we could talk about retrieval speed of 9 track (125 kbytes / sec) vs. Ultrium LTO-5 ( 140 mbytes / second)

Re:The modern world sucks. (0)

Anonymous Coward | more than 2 years ago | (#37981780)

I think that you are off by a factor of 1000, or is the retrieval speed of LTO-5 really 140 millibytes?

MB = MegaByte
Mb = Megabit
mB = milliByte
mb = millibit
KB = Does not exist
Kb = Does not exist
kB = kiloByte
kb = kilobit

https://secure.wikimedia.org/wikipedia/en/wiki/SI_prefix#List_of_SI_prefixes

Re:The modern world sucks. (1)

rubycodez (864176) | more than 2 years ago | (#38008222)

I can't believe you wasted your life typing that. bored?

Re:The modern world sucks. (1)

orphiuchus (1146483) | more than 2 years ago | (#37979520)

Doesn't "twice as fast in 1973" seem awfully specific to any of you *woosh* victims?

Re:The modern world sucks. (1)

Hentes (2461350) | more than 2 years ago | (#37979800)

If you left your door wide open you would have been robbed even back then.

Re:The modern world sucks. (1)

Anonymous Coward | more than 2 years ago | (#37980938)

Still the case. Or did the files suddenly disappear from your box?
Information is not a physical object, and hence can not be owned, stolen or sold. Sorry if the media Mafia bullshitted you into believing them. :-/
If you start to think about information in the right way, you will realize that it's about who you pass information on to and how much you trust them.

In this case, somebody trusted those routers way too much, as this wasn't exactly expected.

But if you only give access to or copy your data to people you trust, or not at all, you're good. Pull your computer from the net, and you got 1973 all over again. Or set up a VPN called "Arpanet", block all other connections to your system, and only let people whose trustworthiness you personally verified in. :)

Re:The modern world sucks. (1)

LordWabbit2 (2440804) | more than 2 years ago | (#37983116)

Fvck that, downloading pron at 28.8k sucked.

Re:The modern world sucks. (1)

Ramin_HAL9001 (1677134) | more than 2 years ago | (#37983286)

You can do that without killing anyone right this minute. Just unplug your computer from the Internet, and from now on just buy all of your software on CD's or on memory sticks from people who can afford security. Rent videos from the video store instead of watching YouTube. Go to the public library to use e-mail. And never ever use a credit card. Always pay with cash, always withdrawn from the bank by a human bank teller, not an ATM.

Then, you can use your computer and any other non-internet connected gadget safely to your heart's content.

If you are willing to sacrifice social networking, cell phones, and the use of e-mail in your home, you never have to worry about cyber crime. I'm not being sarcastic, this is totally possible.

Well I guess... (1)

Anonymous Coward | more than 2 years ago | (#37978720)

someone was not happy with the Conrad Murray verdict!

Re:Well I guess... (0)

UnknowingFool (672806) | more than 2 years ago | (#37978782)

Or the horrifying possibility that Justin Bieber might have fathered a child.

Didn't see it (0)

Anonymous Coward | more than 2 years ago | (#37978748)

I'm in Sao Paulo, Brazil's largest city, and didn't see any problem. Nor did I see anything reported in local media.

Re:Didn't see it (1)

ackthpt (218170) | more than 2 years ago | (#37978802)

I'm in Sao Paulo, Brazil's largest city, and didn't see any problem. Nor did I see anything reported in local media.

Keep in mind, a DNS attack could be re-routing all your traffic through a server where it's being screened for goodies - best to be paranoid in these instances than assume it's not happening to you.

Re:Didn't see it (0)

Anonymous Coward | more than 2 years ago | (#37978914)

Like I said, I've seen nothing in the media nor in the tech sites and blogs over here. For now I'm highly skeptical "a massive DNS attack" has happened here. If such a thing had happened I'm sure some effects would be visible. Till now I didn't see anybody complaining of anything.

Re:Didn't see it (1)

icebraining (1313345) | more than 2 years ago | (#37979008)

Not HTTPS traffic, though, at least not unless they've had access to a CA cert too.

Re:Didn't see it (1)

marcosdumay (620877) | more than 2 years ago | (#37979968)

At Brasilia (not a small city, but smaller) I've seen nothing either. The first time I've heard about the attack is here.

Re:Didn't see it (1)

hrimhari (1241292) | more than 2 years ago | (#37980492)

Here. [cadaminuto.com.br]

Looks pretty fresh, so that would explain the lack of coverage. Also, the DNS cache poisoning doesn't seem to be confirmed yet, only the home router cracking. And the guy who went to jail for being paid to change DNS settings is from a small (?) country town, so the reach of this damage might be negligible country-wise.

Holy shit that's massive! (5, Funny)

Bogtha (906264) | more than 2 years ago | (#37978758)

How many is a brazilian?

Re:Holy shit that's massive! (1)

Kunax (1185577) | more than 2 years ago | (#37978864)

About 203,429,773 million, but it fluctuates, decreasing and increasing, but probably mostly increases.

Re:Holy shit that's massive! (2)

TWX (665546) | more than 2 years ago | (#37978930)

A Brazilian is how many people got attacked, silly!

You just don't know your SI units because you're probably American. They're well versed in them in South America...

Re:Holy shit that's massive! (0)

Anonymous Coward | more than 2 years ago | (#37979460)

It's double of a zillion. It's easy to remember because it's like a Bra x Zillion

Re:Holy shit that's massive! (0)

Anonymous Coward | more than 2 years ago | (#37979016)

About 90% of all porn stars

Re:Holy shit that's massive! (0)

Anonymous Coward | more than 2 years ago | (#37980570)

For sure the 10% remaining are from your family.

Re:Holy shit that's massive! (2)

aussie.virologist (1429001) | more than 2 years ago | (#37979310)

How many is a brazilian?

Apparently you remove all the 111111111111111111111's and you are left with lots of Oh's

Re:Holy shit that's massive! (0)

Anonymous Coward | more than 2 years ago | (#37979700)

Best laugh I've had all day...thank you sir (or ma'am).

Re:Holy shit that's massive! (0)

Anonymous Coward | more than 2 years ago | (#37983792)

Ask George W.

Re:Holy shit that's massive! (0)

Anonymous Coward | more than 2 years ago | (#37988008)

How many is a brazilian?

..about 100 argentinians!

First Troll (0)

Anonymous Coward | more than 2 years ago | (#37978772)

Massive Attack Gives ISPs a Brazilian

Re:First Troll (0)

rubycodez (864176) | more than 2 years ago | (#37979006)

were their dark fibers rooted?

Asia Has The Worst Index: +4, Helpful (0)

Anonymous Coward | more than 2 years ago | (#37979018)

    with 70. Brazil must be a distraction from the Greek implosion.

    Here is the Internet Traffic Report [internettr...report.com] .

    Have a day!

Yours In Dallas,
Kilgore Trout.

Ron "Mucho Wacko" Paul For President !!!

Bad Sportsmanship (1)

Bitsy Boffin (110334) | more than 2 years ago | (#37979060)

A ruthless minority of people seems to have forgotten good old fashioned virtue.

If these people would just play the game, they'd get a lot more out of life.

Ministry of Information, Deputy Minister, Eugene Helman

Brazilian DNS attack may be political manoeuver (5, Interesting)

Anonymous Coward | more than 2 years ago | (#37979090)

A sweeping bill on cybercrime is due to be voted this week in the Brazilian Congress. The bill caters to banks and other big service providers, but is opposed by most other informed citizens, including the Brazilian Internet managers. The bill has been floored several times in the past few years, but every time was retracted due to fierce opposition. Last time that bill was up for voting there was a wave of hacker attacks to government and politicians' sites a few days before the expected voting date. Those attacks were widely believed to be an attempt by supporters to sway the vote of congressmen in favor of the bill. This attack is more serious but its timing strongly indicates that it has the same motivation.

Re:Brazilian DNS attack may be political manoeuver (0)

Anonymous Coward | more than 2 years ago | (#37979350)

Could also be an attack designed to make cyber-security at the government level important to other countries. What better way than to say "They almost destroyed , we need more protection!"

Re:Brazilian DNS attack may be political manoeuver (0)

Anonymous Coward | more than 2 years ago | (#37979442)

That should have been "they almost destroyed <country-x>..."

Re:Brazilian DNS attack may be political manoeuver (0)

Anonymous Coward | more than 2 years ago | (#37979712)

This has always been the case in the past; it's just that there's this new avenue, the internet, where the blame or perpetrator is far more easily hidden. What a perfect place to wage your wars, install your laws and get your mates into high places.

Re:Brazilian DNS attack may be political manoeuver (0)

Anonymous Coward | more than 2 years ago | (#37981562)

Yes, I am Brazilian, and agree with you.

Freedom is a real problem for many people and companies in Brazil.
This attack could also have been paid for by some group.

TV and the media were for a long time talking about cybercrime, blah blah blah.

But, when you check the proposals to be voted on, they are not to prevent or investigate.
Most are to punish offenders of politicians or companies. Dishonest people can easily control
the media, but not the Internet.
Sometime I make a complaint to PF (our FBI), and also to the office of the Minister of Justice, about a group that opens false websites
to sell products. This group is still in operation, for more than a decade. There is a lot of data to investigate.
But what happens? Nothing. Maybe they have good friends.

Re:Brazilian DNS attack may be political manoeuver (0)

Anonymous Coward | more than 2 years ago | (#37981790)

>> ....the Brazilian Internet managers,...

"Internet Manager". I want to be one of those. I love that title! I'm ordering business cards right now!

It was Chael Sonnen (0)

Anonymous Coward | more than 2 years ago | (#37979104)

I bet it was Chael Sonnen. Seriously, I didn't know they had computers there.

Re:It was Chael Sonnen (0)

Anonymous Coward | more than 2 years ago | (#37980566)

I didn't know they had computers there.

We don't.

We hacked thousands of telex machines on a bunch of old CRTs televisions set, wired on some unused submarine cables.

The worst part was the energy lines, but we managed to hire some wackos from the EUA for pedalling our generators in exchange for our promising to drop our Nuclear Energy Plants on Amazon.

Re:It was Chael Sonnen (0)

Anonymous Coward | more than 2 years ago | (#37980968)

I didn't know they had computers there.

We don't.

We hacked thousands of telex machines on a bunch of old CRTs televisions set, wired on some unused submarine cables.

The worst part was the energy lines, but we managed to hire some wackos from the EUA for pedalling our generators in exchange for our promising to drop our Nuclear Energy Plants on Amazon.

EUA = USA :)

gib moni (0)

Anonymous Coward | more than 2 years ago | (#37979152)

And on that day, millions of huehuehuehuehuehues were silenced.

Re:gib moni or I report u (0)

Anonymous Coward | more than 2 years ago | (#37979262)

BR?

weird (0)

Anonymous Coward | more than 2 years ago | (#37979208)

Hi. That's very weird news. I live in Sao Paulo, Brazil, and I did not see or hear anything about that. So I doubt it's "millions" of Brazilians. Which ISP exactly got infected? And where are the references for the "several Brazilian ISPs"?

Re:weird (1)

lvxferre (2470098) | more than 2 years ago | (#37980140)

The ISPs were GVT and Oi (source [tecnoblog.net] ).
Actually, for me, this is kinda funny - I use Oi, but I only saw about this DNS poisoning here in Slashdot... no changes, no malware warning, nothing.

Another info (1)

lvxferre (2470098) | more than 2 years ago | (#37980192)

Oi's DNS default poisoning (an unwanted "custom search" instead of 404 error page) is sadly working as usual.

that awkward moment (1)

hagnat (752654) | more than 2 years ago | (#37980044)

when you get news about your own country first in an international news site

Re:that awkward moment (1)

lvxferre (2470098) | more than 2 years ago | (#37980256)

When you know that Slashdot has better news for geeks than Terra and UOL.

Re:that awkward moment (0)

Anonymous Coward | more than 2 years ago | (#37980756)

When you know that Slashdot has better news for geeks than Terra and UOL.

Surprise.

But against Slashdot (or any other tech site, including Brazilian ones) I wouldn't think that Fox, CNN, NYT, etc, would fare better than Brazilian media.

Re:that awkward moment (1)

nazsco (695026) | more than 2 years ago | (#37981250)

A nationwide DNS attack is news for 'geeks'?!?

Brazil is the country with the most widespread internet banking. Here in the US credit cards don't even have a chip! And most bills come with a pre-addressed envelope for you to send a ... gasp... check!

Re:that awkward moment (0)

metrix007 (200091) | more than 2 years ago | (#37982740)

Credit cards shouldn't have a chip, as chip and pin is very insecure. Most other countries use online banking; Brazil is not special in this regard.

Re:that awkward moment (1)

d4fseeker (1896770) | more than 2 years ago | (#37983452)

So you prefer the good old-fashioned swipe with signature which you could easily -in theory- claim to be faked?
Well I guess you'd prefer to pay with your mobile phone... full of potential spy- or adware...

Re:that awkward moment (1)

metrix007 (200091) | more than 2 years ago | (#37986262)

Read up on chip and pin. It has been shown to be insecure time and time again. It is just a way for the banks to shift liability.

Re:that awkward moment (0)

Anonymous Coward | more than 2 years ago | (#37984830)

Calling this "nationwide" is a gross overestimation - I would be surprised if it affected more than a bunch.

Re:that awkward moment (1)

SeaFox (739806) | more than 2 years ago | (#37983632)

In your defense, maybe you couldn't reach any local news outlets online because of a DNS problem.

Good! (0)

Anonymous Coward | more than 2 years ago | (#37980944)

Maybe online gamers can have a day or two in peace if the Brazilian ISPs have to go offline to fix this. Brazilians have a terrible (deserved) reputation of being griefers and trolls.

Re:Good! (1)

lvxferre (2470098) | more than 2 years ago | (#37984960)

The attacks are being directed at the routers, not the ISPs.
Most Brazilian ISPs use a "borrow my router" (we call it comodato) system, where the client uses ISP's router instead of his own.
The thing is... these routers are configured with a default password and most users don't know/want to change it.
So, no, no peace in MMOs... and as a side note, even being Brazilian, I must agree with you: Brazilian MMO players are fcking annoying, worse if you do know Portuguese.

Dammit, it is the zombie apocalypse! (0)

Anonymous Coward | more than 2 years ago | (#37984214)

Jeez, I take care of three networks here in Brazil, two small and one that is rather large (as in >10.000 nodes, in > 200 sites).

It is the damn zombie apocalypse down here, man. Only they don't want brains, they feed on packets and credentials. Instead of the stench of death, the air is thick with spam.

Yes, we are pretty sure this is the same !@#$! narcs for hire that are helping the groups that want that congress law passed, only now they decided to finance a _real_ large-scale international criminal operation instead of duping a bunch of idiot kids into DDoSing some Brazilian targets. Last time, they duped Lulzsec into accepting a traitor and used the fools to further their goals. This time, we've had three separate bank systems forced offline "for unspecified reasons" in the last month, and now a massive DNS attack.

In Brazil, nothing like this happens by coincidence. Our local criminals are in the business of making money, and not in the business of getting the fed police involved (it usually results in real jail time and deaths) and getting more draconian laws passed. Right now, the only criminals that are not happy with the status quo are the suits from the RIAA and MPAA-like organizations pushing for what people here call the "AI-5 digital" (AI-5 was the government act that created our version of the Gestapo during the military dictatorship in the 60's, 70's and 80's).

Massive misinformation (1)

Altieres Rohr (1286518) | more than 2 years ago | (#37986274)

I'm the Brazilian journalist who first reported on this issue [globo.com] .

These attacks are not massive. They are happening in a server each time, and the ISPs use many different servers. As such, the number of affected victims each time is small. However, it is true they are ongoing. ISPs and users need to take action now and protect their DNSs and home routers, respectively, though ISPs are also to blame because they use the same password for the default configuration on every router. Plus, user complaints can be found days apart - but DNS cache poisoning only lasts for a few hours. In other words, there are multiple attacks.

There's info indicating this has been going on and off since at least 2009, but we hadn't heard of it because they were only redirecting banks to identical pages. Now they're trying to use Google, Facebook et al to infect users with trojans, which is far easier to notice.

It's also true a sysadmin was arrested for accepting a R$ 10,000 (about US$ 6,000) monthly bribe to change the DNS configuration in an ISP, probably a small or medium-sized one.

I'm a GVT user (one of the affected ISPs) and I have verified my DNS server went from not using random ports to using random ports. I last checked this about two weeks ago. So yes - this is happening, and they have taken some action. But the DNS server I use was never poisoned, and many other users have not seen or noticed these attacks.
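
A defender-side version of the source-port check mentioned in the comment above, added here as an example and not part of the original thread: it reads a resolver's outbound queries from a tcpdump-style capture and reports whether the UDP source ports look fixed, sequential, confined to a narrow range, or randomized. The capture lines, addresses, TXIDs and classification thresholds are constructed assumptions.

```python
import math
import re
from collections import Counter

# tcpdump-style outbound query: "... IP <src>.<sport> > <dst>.53: <txid>+ ..."
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: \d+")

# Constructed port sequences standing in for three resolver behaviours.
FIXED = [32771] * 10
SEQUENTIAL = list(range(1025, 1037))
RANDOMIZED = [51234, 1893, 40211, 27655, 60102, 9981,
              33470, 15020, 58844, 22317, 45790, 6123]


def make_capture(ports, resolver="192.0.2.10"):
    """Build constructed capture lines (documentation addresses, made-up TXIDs)."""
    return [
        f"12:00:{i:02d}.000000 IP {resolver}.{p} > 198.51.100.53.53: "
        f"{4660 + i}+ A? example.com. (29)"
        for i, p in enumerate(ports)
    ]


def source_ports(lines, resolver_ip):
    """Return the UDP source ports the resolver used, in capture order."""
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports


def classify(ports):
    """Label the port behaviour; the thresholds are illustrative assumptions."""
    if len(ports) < 8:
        raise ValueError("need at least 8 observed queries")
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"
    # A dominant step between consecutive queries means the next port is predictable.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    _, top = Counter(deltas).most_common(1)[0]
    if top / len(deltas) >= 0.8:
        return "sequential"
    if distinct / len(ports) < 0.9 or max(ports) - min(ports) < 4096:
        return "weak"
    return "randomized"


def guess_space_bits(ports):
    """Rough bits a forged reply must match: 16-bit TXID plus observed port spread."""
    if classify(ports) in ("fixed", "sequential"):
        return 16.0  # port is known or predictable, only the TXID remains
    return 16.0 + math.log2(max(ports) - min(ports) + 1)


if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)):
        seen = source_ports(make_capture(sample), "192.0.2.10")
        print(f"{name:10s} -> {classify(seen):10s} ~{guess_space_bits(seen):.1f} bits")
```
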

which DNS servers were compromised? (0)

Anonymous Coward | more than 2 years ago | (#37990188)

The news is light on practical details.
