Criminals, change the dns servers on the routers to get money to steal

The Polish Computer Emergency Response Team reported criminals that the dns servers in vulnerable routers to modify. They are therefore able to man-in-the-middle attacks, a tactic that the criminals use to make money prey to make with online banking.

The case came at the end of 2013 to roll when the Polish CERT notifications got from iPhone users who had to deal with counterfeit banking sites. Further investigation showed that there was no malware on iOS, but that there was tampered with the routers of the victims. By changing the dns server to an address of a server that is in the hands of the cyber criminals, they could Polish internet users lure them to fake web sites.

The criminals used probably vulnerabilities in routers to set up the dns servers to match, all close to the Polish CERT is not that there is also the use of weak secure login information or passwords. Also notify the security organization not which brands or types of routers are compromised.

Although the criminals with additional malware managed to money spoil, was the man-in-the-middle attack is not completely invisible. It was during the process of movement, partly through a http post and not via https, forcing the browser to sound an alarm. By messing around with domain names and, for example, ‘ssl’ in the address, tried the criminals to this for less experienced users to cover up.