The tale of one thousand and one ADSL modems

Fabio Assolini Kaspersky Lab

  download slides (PDF)

One firmware vulnerability, two malicious scripts, three hardware manufacturers, 35 malicious DNS servers, thousands of compromised ADSL modems, millions of victims.

It sounds like the trailer for a Hollywood blockbuster, but it's the real story of Brazil's biggest cybercriminal attack, affecting local ISPs and ADSL modems and exposing millions of customers of the country's leading banks to a mass drive-by pharming attack.

In this presentation we will show how Brazilian cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated ADSL modems across the country. This enabled an attack on network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. It was an unbelievable scenario, fuelled by widespread neglect of ISPs, blunders from hardware manufacturers, under-educated users and official apathy. Thousands of desperate, confused customers ending up looking for advice and solutions from the tech support of anti-malware companies.

We will also undertake a deep analysis to examine how anti-virus companies lack the capacity to detect exploits which attack network devices, and explore ways of dealing with the problem.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.