At the end of last year, we learned that more than 4.5 million home DSL routers in Brazil hacked and router's configured such that it point to malicious DNS. The hack was reported by Fabio Assolini, a Security Researcher from Kaspersky.
As the result of the hack, when a user try to visit google, facebook ,youtube or any other sites, a pop message advised to install a software(malware) in order to access sites. At that time, it is not clear what is the reason behind the attack.
In the recent Virus Bulletin conference , Assolini gave a fascinating presentation, describing how millions of DSL routers were found to have been silently hacked by cyber criminals.
According to report, vulnerability in the modems allowed attackers to access remotely via the net. Normally, if you access a router via net, you will be asked for login credentials.
A security hole in the Broadcom chip included in some routers, allows an attacker to perform a Cross Site Request Forgery (CSRF) in the admin panel of the ADSL modem to capture the password.
Once they obtained the password, hackers modified DNS settings such that when user try to visit legitimate sites, they would be redirected to malicious sites.
In his presentation, Assolini presented an IRC chat between some of the hackers involved in the DNS caper. One of them described how another hacker earned more than 100,000 Reais (approximately $50,000) and would spend his ill-gotten gains on trips to Rio de Janeiro in the company of prostitutes.
