Massive Botnet Hijacks Traffic for Brazilian Banking Sites
Cybersecurity company Qihoo 360 revealed this week that a botnet composed of over 100,000 routers was being used by a malicious group to hijack traffic meant for e-banking pages of banks in Brazil.
The Chinese firm’s Netlab division said that around 88% of the affected routers are in Brazil, and another security firm, Radware, said that the group had been running the campaign at least since mid-August.
Netlab researchers also warned that the hackers are scanning Brazil’s IP space for routers that have little or no security to replace legitimate DNS settings with the IPs of servers under their control. This redirects all DNS queries to malicious servers which respond with incorrect information for a list of 52 sites.