{"id":11788,"date":"2019-04-07T07:32:14","date_gmt":"2019-04-07T12:32:14","guid":{"rendered":"http:\/\/thewei.com\/kimi\/?p=11788"},"modified":"2019-04-07T07:34:44","modified_gmt":"2019-04-07T12:34:44","slug":"dns-servers-hacked-netizens-trying-to-reach-certain-sites-are-connected-to-phishing-sites","status":"publish","type":"post","link":"https:\/\/thewei.com\/kimi\/dns-servers-hacked-netizens-trying-to-reach-certain-sites-are-connected-to-phishing-sites\/","title":{"rendered":"DNS servers hacked: netizens trying to reach certain sites are connected to phishing sites"},"content":{"rendered":"\n<p>EXCERPT:  Stefan Tanase, principal security researcher at Ixia, told Ars that the DNS servers described in this article were taken down and that the attackers have replaced them with new DNS servers. Ixia analyzed the rogue DNS server and found it targets the following domains:&nbsp;<a href=\"http:\/\/gmail.com\/\">GMail.com<\/a>,&nbsp;<a href=\"http:\/\/paypal.com\/\">PayPal.com<\/a>,&nbsp;<a href=\"http:\/\/netflix.com\/\">Netflix.com<\/a>,&nbsp;<a href=\"http:\/\/uber.com\/\">Uber.com<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/caix.gov.br\/\" target=\"_blank\">caix.gov.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/itau.com.br\/\" target=\"_blank\">itau.com.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/bb.com.br\/\" target=\"_blank\">bb.com.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/bancobrasil.com.br\/\" target=\"_blank\">bancobrasil.com.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/sandander.com.br\/\" target=\"_blank\">sandander.com.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/pagseguro.uol.com.br\/\" target=\"_blank\">pagseguro.uol.com.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/sandandernet.com.br\/\" target=\"_blank\">sandandernet.com.br<\/a>,&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/cetelem.com.br\/\" target=\"_blank\">cetelem.com.br<\/a>, and possibly other sites. People trying to reach one of these domains from an infected router will be connected to a server that serves phishing pages over plain HTTP.<\/p>\n\n\n\n<p>Below is how&nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/cetelem.com.br\/\" target=\"_blank\">cetelem.com.br<\/a>&nbsp;appeared in Firefox on a machine configured to use one of the malicious DNS servers.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"422\" src=\"https:\/\/thewei.com\/kimi\/wp-content\/uploads\/dns-hijacking-1024x422.jpg\" alt=\"\" class=\"wp-image-11789\" srcset=\"https:\/\/thewei.com\/kimi\/wp-content\/uploads\/dns-hijacking.jpg 1024w, https:\/\/thewei.com\/kimi\/wp-content\/uploads\/dns-hijacking-225x93.jpg 225w, https:\/\/thewei.com\/kimi\/wp-content\/uploads\/dns-hijacking-300x124.jpg 300w, https:\/\/thewei.com\/kimi\/wp-content\/uploads\/dns-hijacking-768x317.jpg 768w\" sizes=\"auto, (max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" \/><\/figure>\n\n\n\n<p>What follows is this article as it appeared on Thursday, 4\/4\/2019, 2:59 PM:<\/p>\n\n\n\n<p>A wave of DNS hijacking attacks that abuse Google&#8217;s cloud computing service is causing consumer routers to connect to fraudulent and potentially malicious websites and addresses, a security researcher has warned.<br \/><\/p>\n\n\n\n<p>By now, most people know that Domain Name System servers translate human-friendly domain names into the numeric IP addresses that computers need to find other computers on the Internet. Over the past four months, a blog post published Thursday said, attackers have been using Google cloud service to scan the Internet for routers that are vulnerable to remote exploits. When they find susceptible routers, the attackers then use the Google platform to send malicious code that configures the routers to use malicious DNS servers&#8230;<\/p>\n\n\n\n<p><a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/04\/ongoing-dns-hijackings-target-unpatched-consumer-routers\/\">(jump to full article)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>EXCERPT: Stefan Tanase, principal security researcher at Ixia, told Ars that the DNS servers described in this article were taken down and that the attackers have replaced them with new DNS servers. Ixia analyzed the rogue DNS server and found it targets the following domains:&nbsp;GMail.com,&nbsp;PayPal.com,&nbsp;Netflix.com,&nbsp;Uber.com,&nbsp;caix.gov.br,&nbsp;itau.com.br,&nbsp;bb.com.br,&nbsp;bancobrasil.com.br,&nbsp;sandander.com.br,&nbsp;pagseguro.uol.com.br,&nbsp;sandandernet.com.br,&nbsp;cetelem.com.br, and possibly other sites. People trying to reach one of &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/thewei.com\/kimi\/dns-servers-hacked-netizens-trying-to-reach-certain-sites-are-connected-to-phishing-sites\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;DNS servers hacked: netizens trying to reach certain sites are connected to phishing sites&#8221;<\/span><\/a><\/p>\n","protected":false},"author":28,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-11788","post","type-post","status-publish","format-standard","hentry","category-all"],"jetpack_publicize_connections":[],"_links":{"self":[{"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/posts\/11788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/comments?post=11788"}],"version-history":[{"count":3,"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/posts\/11788\/revisions"}],"predecessor-version":[{"id":11796,"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/posts\/11788\/revisions\/11796"}],"wp:attachment":[{"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/media?parent=11788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/categories?post=11788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thewei.com\/kimi\/wp-json\/wp\/v2\/tags?post=11788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}