Kaspersky Lab expert Fabio Assolini reports that a massive DNS cache poisoning attack, which attempts to infect users trying to access popular websites, is currently under way in Brazil. Several large ISPs in the highly connected country have been affected by the attack, and police have made at least one arrest in connection with the operation.
Attackers have been able to poison the DNS cache records for several major websites at some large ISPs. Last week Brazil's web forums were alive with desperate cries for help from users who faced malicious redirections when trying to access websites such as YouTube, Gmail and Hotmail, as well as local market leaders including Uol, Terra and Globo. In all cases, users were asked to run a malicious file as soon as the website opened.
The malicious page asks the user to download and install so-called "Google Defence" software, supposedly required to use the search engine. In reality, though, this file is a Trojan banker detected by Kaspersky's heuristic engine. Research into this IP address highlighted several malicious files and exploits hosted there.
Unfortunately for those who fell for the trick, the offered software was a banking Trojan, which has long been the weapon of choice of Brazilian cyber crooks. According to Kaspersky, the same IP address hosted a number of malicious files and several exploits, and the targeted users seem to be exclusively from Brazil.