Fabio Assolini, Kaspersky Lab
One firmware vulnerability, two malicious scripts, three hardware manufacturers, 35 malicious DNS servers, thousands of compromised ADSL modems, millions of victims.
It sounds like the trailer for a Hollywood blockbuster, but it's the real story of Brazil's biggest cybercriminal attack, affecting local ISPs and ADSL modems and exposing millions of customers of the country's leading banks to a mass drive-by pharming attack.
In this presentation we will show how Brazilian cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated ADSL modems across the country. This enabled an attack on network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. It was an unbelievable scenario, fuelled by widespread neglect by ISPs, blunders by hardware manufacturers, under-educated users and official apathy. Thousands of desperate, confused customers ended up looking for advice and solutions from the tech support of anti-malware companies.
We will also undertake a deep analysis to examine how anti-virus companies lack the capacity to detect exploits which attack network devices, and explore ways of dealing with the problem.