The Virus Bulletin International Conference (VB2012) has just concluded in Dallas, TX, USA. And we have gotten a few stunning facts and figures from the security experts. Fabio Assolini from Kaspersky Lab has created quite a stir by disclosing that about 4.5 million routers were hacked by Brazilian hackers. Most of the hacked routers were from Brazil though.
The router vulnerability that was used by the hackers was already known for some time (since March 2011) but most of the router vendors were either slow to update the firmware of their routers or had stopped maintaining the router.
The Cybercriminals used two bash scripts and Cross site request forgery (CSRF) attack to change the admin passwords of the compromised routers. Once compromised, the DNS servers of the routers were changed. The hackers created more than 35 DNS servers for this purpose and redirected the compromised routers DNS IPs to those DNS servers. This would give them the opportunity to manipulate the IP to Name binding capability of the DNS Servers.
The worst part of this attack is that the users can’t do anything about it except that they start using their custom DNS server in their local PCs instead of the routers. Or otherwise keep their routers firmware up to date. The later will only work if the router vendor has released a fix for this vulnerability.