Friday, 5 August 2011

DNS Cache Poisoning Used in Brazilian Phishing Attack



Zscaler security researchers have found a phishing attack that used DNS cache poisoning to direct victims to a spoofed banking website. The unusual attack was found to target customers of Banco Santander Brasil in Brazil. Attackers managed to force several DNS servers to resolve santander.com.br to an IP address under their control. The spoofed page hosted on the rogue web server was very well crafted and looked identical to the real one.
"In such a situation, phishers do not need to blast e-mails to random Brazilian e-mail accounts. They just need to wait for the Santander customers to log in to their bank account, when accessing the site via the poisoned DNS servers," Zscaler's Julien Sobrier explains.
This type of phishing attack is very hard to detect and block. Victims have no indication that they are on a different website.
Fortunately, the affected DNS servers have been cleaned up and are now functioning properly. The number of potentially affected users is not known.
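Because the victim's browser shows nothing unusual, the check has to happen on the resolver side. The following is an added example, not code from Zscaler or from the original post: it compares the answers several resolvers give for a monitored name against a known-good address range and flags the ones that disagree. The resolver names, the addresses (RFC 5737 documentation ranges) and the expected range are constructed, and collecting the answers from live resolvers is assumed to happen elsewhere.

```python
import ipaddress
from collections import Counter

# Constructed sample data: addresses come from the RFC 5737 documentation
# ranges and do not belong to any real bank or resolver.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed known-good range
OBSERVED = {  # resolver label -> A records it returned for the monitored name
    "resolver-a": ["192.0.2.10", "192.0.2.11"],
    "resolver-b": ["192.0.2.10"],
    "resolver-c": ["203.0.113.66"],   # answer outside the expected range
    "resolver-d": ["192.0.2.11", "192.0.2.10"],
    "resolver-e": [],                 # resolver returned no answer
}

def in_expected(addr, nets):
    """True if addr falls inside any of the known-good networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def audit(observed, nets):
    """Return {resolver: reason} for resolvers whose answers look wrong."""
    # Count how many resolvers returned each address (secondary signal).
    seen = Counter(a for answers in observed.values() for a in set(answers))
    responders = sum(1 for answers in observed.values() if answers)
    findings = {}
    for resolver, answers in sorted(observed.items()):
        if not answers:
            findings[resolver] = "no answer"
            continue
        outside = [a for a in answers if not in_expected(a, nets)]
        if outside:
            # An address returned by at most half the responders is a minority view.
            lonely = [a for a in outside if seen[a] * 2 <= responders]
            tag = "outside expected range"
            if lonely:
                tag += ", minority answer"
            findings[resolver] = f"{tag}: {', '.join(outside)}"
    return findings

if __name__ == "__main__":
    for resolver, reason in audit(OBSERVED, EXPECTED_NETS).items():
        print(f"santander.com.br via {resolver}: {reason}")
```

The expected range has to come from the domain owner, since load balancing or geographic DNS can legitimately return different addresses to different resolvers.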

 

