In-the-wild router exploit sends unwitting users to fake banking site

Enlarge (credit: DLink)

here, here, here, here, and here, the flaw allows attackers to remotely change the DNS server that connected computers use to translate domain names into IP addresses.

According to an advisory published Friday morning by security firm Radware, hackers have been exploiting the vulnerability to send people trying to visit two Brazilian bank sites—Banco de Brasil’s www.bb.com.br and Unibanco’s www.itau.com.br—to malicious servers rather than the ones operated by the financial institutions. In the advisory, Radware researcher Pascal Geenens wrote:

Read 5 remaining paragraphs | Comments