The researchers found a list of prefixes for IP addresses in 69 countries to be scanned for reachable devices for each prefix, a total of 65,536 addresses were checked. BRUT is a mass scanner that looks for routers exposed on the public internet and attacks them - no user intervention is needed in this case. Router EK attacks from the local network and requires the user to click on a malicious link. They found included in the archive two methods for attacking routers, Router EK and BRUT, both requiring CSRF requests to change the DNS settings on the device. The name of the file hints that the tool uses DNS hijacking and keylogging to obtain sensitive info from its victims and Avast confirmed this when looking at the source code structure. In a blog post today, Avast Threat Intelligence Team details the functionality of GhostDNS, which was enclosed in a file called “KL DNS.rar,“ its structure shown in the image below. “We downloaded the linked file and found the complete source code of the GhostDNS exploit kit” - Avast
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |