Website driveby attacks that try to boobytrap visitors’ routers are alive and well, according to antivirus provider Avast, which blocked more than 4.6 million of them in Brazil over a two-month span.
The attacks come from compromised websites or malicious ads that attempt to use cross-site request forgery attacks to change the domain name system settings of visitors’ routers. When successful, the malicious DNS settings redirect targets to websites that spoof Netflix and a host of banks. Over the first half of the year, Avast software detected more than 180,000 routers in Brazil that had hijacked DNS settings, the company reported.
The attacks work when routers use weak administrative passwords and are vulnerable to CSRF attacks. Attackers use the malicious DNS settings to phish passwords, display malicious ads inside legitimate webpages, or use a page visitor’s computer to mine cryptocurrencies.
- Cox Internet now charges $15 extra for faster access to online game servers
- Comcast usage soars 34% to 200GB a month, pushing users closer to data cap
- After White House stop, Twitter CEO calls congresswoman about death threats
- The sim swap the US isn’t using
- Probable Russian Navy covert camera whale discovered by Norwegians