Hackers pop Brazil newspaper to root home routers

Step One: try default passwords. Step Two: Repeat Step One until success


Attackers have hacked a popular Brazilian newspaper and used its site to serve code that attacks readers' home routers, says researcher Fioravante Souza of web security outfit Sucuri.

Attackers implanted iFrames into the website of Politica Estadao, which, when loaded, began brute-force password-guessing attacks against users' routers.

Souza says the attackers aimed to change the DNS settings on hacked routers, writing that "... the payload was trying the user admin, root, gvt and a few other usernames, all using the router default passwords."

"[The] script is being used to identify the local IP address of your computer. It then starts guessing the router IP by passing it as a variable to another script," Souza adds.

"iFrames were trying to change the DNS configuration on the victim’s DSL router by brute forcing the admin credentials".


The attack code was manipulated to target Internet Explorer and tried possible IP addresses on a reader's local network range, including '192.168.0.1' and '192.167.1.1'.

Content was loaded from the likely compromised website laspeores.com.ar and two others using iFrames that contained malicious JavaScript code.
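A defender with an HTTP request log from a local proxy can look for the pattern described above: a page on a public site driving credentialed requests to a private gateway address under several usernames. The Python below is an added example, not code from Sucuri or the article; the log format, the client address, the `news.example` hostname and the placeholder path are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log (not from the article): "client method url referer"
SAMPLE_LOG = """\
192.168.0.23 GET http://admin:admin@192.168.0.1/placeholder-dns-page http://news.example/politica
192.168.0.23 GET http://root:root@192.168.0.1/placeholder-dns-page http://news.example/politica
192.168.0.23 GET http://gvt:gvt@192.168.0.1/placeholder-dns-page http://news.example/politica
192.168.0.23 GET http://192.168.0.1/index.html -
192.168.0.40 GET http://admin:admin@192.168.1.1/status http://192.168.1.1/login
192.168.0.23 GET http://cdn.example/app.js http://news.example/politica
"""


def is_private_host(host):
    """True when host is an IP literal in a non-public range (RFC 1918, loopback, link-local)."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # plain hostnames are not resolved here


def find_router_guessing(log_text, min_logins=2):
    """Return {(client, router_ip): usernames} for cross-origin credential guessing."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        client, _method, url, referer = parts
        target = urlsplit(url)
        origin = urlsplit(referer).hostname if referer != "-" else None
        # Only requests that carry credentials to a private IP literal matter.
        if not target.username or not is_private_host(target.hostname or ""):
            continue
        # A public page as referrer is the suspicious case; the router's own
        # pages referring to themselves are ordinary admin use.
        if origin is None or is_private_host(origin):
            continue
        tried[(client, target.hostname)].add(target.username)
    return {k: sorted(v) for k, v in tried.items() if len(v) >= min_logins}


if __name__ == "__main__":
    for (client, router), users in find_router_guessing(SAMPLE_LOG).items():
        print(f"{client} -> {router}: logins tried from a public page: {users}")
```
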

"This is but one example of a wide range of actions available to the crackers," Souza said. "Websites have been the number one distribution mechanism for malware for a while, and now we're seeing this evolution in attacks. It's unlikely that this will end soon."

The attack could be most easily foiled if users changed the administrative credentials on their routers, where the username and password are often both left set to admin.

Concerned users should disable JavaScript and play options for browser objects, and consider running script blockers such as NoScript or Not Script. ®

