An apparent inside job in Brazil’s DNS cache poisining

Securelist.com reported that an employee at one of Brazil’s internet service providers is accused of tampering with the cache of a domain name server.  It is believed that the employee’s work redirected customers looking for Google, Gmail, YouTube, and Hotmail to websites that instructed users to unwittingly download Java programs containing trojans.  These trojans installed banking malware.

http://www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil

Once again, encryption and security protocols are defeated by vulnerabilities attributed to human elements.  Because of the ties to the banking malware, it suggests that this probably is not the work of just one person, acting by themselves.  It is troubling to think that elements of organized crime can gain access to the domain name servers of internet service providers.  We will have to wait and see if the employee was a willing participant or a coerced victim.

Of course it should not be too much of a surprise that it happened in Brazil.  According to Symantec’s latest Intelligence Quarterly Report, Brazil ranks #3 in the world for the source of malicious activity (behind #2 China and #1 USA).

 

Advertisements