Hackers have adopted a clever approach to swindle users out of their hard-earned money without giving them the slightest clue.
Loopholes in D-Link DSL modem routers have been ingeniously leveraged by cyber miscreants to deceive users.
Before looking at how a user's request for a web page is handled over the internet, let us get acquainted with the following terms:
DSL (Digital Subscriber Line): High-speed digital data transfer between servers and systems using telephone lines.
DNS Server (Domain Name System): A service, spread across multiple servers, that resolves the URL the user enters into the IP (Internet Protocol) address where the website is found.
Every URL on the internet has an IP address assigned to it. The IP address points to the computer that hosts the website we are requesting to access.
When a user enters a URL (website address), a request is made to a DNS server. The DNS server resolves a hostname like www.gmail.com to the corresponding IP address, like 172.217.167.37. Your computer then connects to that IP address to establish the desired connection.
Age-old vulnerabilities in the configuration of D-Link modem routers are being exploited by cyber maniacs to redirect users to fake banking websites and steal their login credentials.
The flaw in the D-Link routers allows attackers to remotely configure the DNS server. Hence, when a user enters a URL, the modified DNS server settings redirect them to a fake page instead of the actual one.
Researchers at Radware, a security firm, have recently revealed that attackers are exploiting vulnerabilities in D-Link DSL modem routers to direct users trying to visit two Brazilian bank sites – Banco do Brasil (www.bb.com.br) and Itau Unibanco (hostname www.itau.com.br) – to malicious fake clones of the sites.
The web pages looked legitimate and identical to the original websites. The fake web page asks for the bank account number, mobile number, card PIN and an eight-digit PIN. When the user enters the data, this information is captured and sent to the hackers.
The malicious DNS servers used in this attack were 69.162.89.185 and 198.50.222.136.
The attack (exploiting D-Link routers) is insidious because users do not get to know about the modified or suspicious web page: the hijacking is performed without any user interaction. It does not involve an email or anything else that a user could suspect, report or avoid clicking on.
As a result, users were redirected to the malicious web pages irrespective of the devices, browsers, modes and links used to access the original sites.
Banking websites are always secured by high-end technology using the HTTPS protocol. However, these forged websites were marked ‘NOT SECURE’.
Users received certificate warnings when they attempted to access these illegitimate web pages.
Users are advised to check their router’s configured DNS server settings to identify any suspicious activity or setting changes.
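A host-side check for the advice above, as an added example that is not part of the original article: it reads resolv.conf-style text, flags the two rogue resolvers named in the article, and sorts the remaining entries. The `EXPECTED` allowlist, the function names and the sample input are assumptions; a "local" result means the router itself answers DNS, so its own DNS setting still has to be reviewed on the router's admin page.

```python
import ipaddress

# Rogue DNS servers named in the article.
KNOWN_MALICIOUS = {"69.162.89.185", "198.50.222.136"}
# Assumption: resolvers this network is meant to use; replace with your ISP's.
EXPECTED = {"1.1.1.1", "8.8.8.8"}

def configured_resolvers(resolv_conf_text):
    """Return nameserver entries from resolv.conf-style text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(addr):
    """Classify one resolver entry as malicious/expected/local/unexpected/invalid."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) in KNOWN_MALICIOUS:
        return "malicious"
    if str(ip) in EXPECTED:
        return "expected"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"       # router or local stub resolver: check the router itself
    return "unexpected"      # public resolver nobody configured on purpose: review

def audit(resolv_conf_text):
    """Map every configured resolver to its classification."""
    return {a: classify(a) for a in configured_resolvers(resolv_conf_text)}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# constructed sample
nameserver 192.168.1.1
nameserver 69.162.89.185   # handed out by the router over DHCP
nameserver 8.8.8.8
nameserver 9.9.9.9
nameserver not-an-ip
"""

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE).items():
        print(f"{server:20} {verdict}")
```

On a Linux host the real input would be the contents of `/etc/resolv.conf`; any "malicious" or "unexpected" entry is a reason to inspect and reset the router's DNS configuration.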