Over the past couple of years, millions of DSL modems in Brazil were discovered to have several vulnerabilities that made it very easy for hackers/crackers to get into them and use several different exploits. Many people install their networking devices, such as modems, and completely forget about them. This helps attackers, because people rarely check their modems.
One of the worst exploits allowed a Cross-Site Request Forgery (CSRF) that let attackers capture the passwords on modems. With the password, hackers could access a modem and change basically any setting they wanted. One of the most popular things to change was the DNS settings, which caused requests for websites to be redirected to other websites that the attacker could be controlling.
The problem was not caused by any specific model, manufacturer, or ISP, but by the chipset driver that most modem manufacturers use. (In this case, the chipset driver that the National Telecommunications Agency of Brazil approved.)
Attackers set up a dedicated server to sweep a set range of IPs for vulnerable modems, and once a vulnerable modem was discovered, exploits were performed on that modem. Attackers would change the password and then use various exploits to attack the modem. Attacks were registered with 6 different hardware manufacturers and all major ISPs in Brazil, which resulted in about 4.5 million modems being attacked. The attackers registered 40 malicious DNS servers, almost all outside of Brazil, to perform their attacks.
The main goal of most of these attacks was to steal the banking information of Brazilian customers. The attackers did this by (1) redirecting users to fake banking websites and (2) installing malware on users’ computers. The malware was often installed when users accessed a website, such as Facebook, and were prompted to install a ‘plugin.’