Accounts of Brazilian top bank Bandesco compromised through cache poisoning

Globo.com posted an unconfirmed report where it said that the site of Brazilian largest bank Bandesco was attacked by the cybercrooks who redirected its customers to fraudulent websites that attempted to steal passwords and install malware, reports the Register. The redirection is said to be the result of cache poisoning attack on Brazilian internet service provider NET Virtua.

As it is known DNS cache poisoning attacks exploit vulnerabilities in the internet's domain name system. Those ISPs that failed to patch their systems properly against the weaknesses are first to fall preys to the attackers who replace the legitimate IP address of a given website with a fraudulent number. As people are denied access to their accounts on the fake banking websites they enter their login information several times allowing thus the criminals to steal their data.

The report on Globo.com says that 1% of Bandesco’s customers were affected by the fraud. The report also noted that customers who were paying attention would have noticed Bandesco's secure sockets layer certificate generated an error when they were redirected to the fraudulent login page. Besides, a domain used for Google Adsense was redirected to a site that used malicious Javascript to install malware redirected machines. The article concluded that the problems have been fixed since that time.