New DoubleDirect Attack Redirects Traffic from Google, Twitter, Facebook to Hackers

A new type of Man-in-the-Middle (MITM) attack called “DoubleDirect” is currently spreading across the Internet. The attack redirects traffic on wireless connections from the domains of major websites such as Facebook, Google and Twitter to malware-infected sites. Victims who land on such sites can have certificates, credentials and other personal data stolen, and their devices infected with malware.

How DoubleDirect Works

The new attack was discovered by researchers at the security company Zimperium. Its technique is to divert a host's routing table using Internet Control Message Protocol (ICMP) messages, so that traffic for a destination is sent to a different next hop. Such messages are legitimately used by routers to tell a user's machine that a better route exists for a specific destination on the Internet.

“DoubleDirect uses ICMP Redirect packets (type 5) to modify routing tables of a host. This is legitimately used by routers to notify the hosts on the network that a better route is available for a particular destination”, Zimperium researchers wrote in a post on the subject.

DoubleDirect Attack on the Rise

Who Is Affected

Affected by the attack are devices running iOS (including 8.1.1), OS X (including Yosemite) and Android (including Lollipop), which accept redirected routes by default. The attack does not work on Windows and Linux, however, because they do not allow traffic redirection.

Normally an ICMP redirect attack can be applied to only one direction of a wireless connection, either the data being sent or the data being received, but not both. What is new in DoubleDirect is that it performs the MitM attack on both directions at once, which makes it considerably more dangerous for the affected machines.

Analyzing the attack, the Zimperium researchers found that the attackers perform DNS reconnaissance beforehand to determine which IP addresses the victim visits. Their next step is to send the ICMP redirect messages for all of the IPs found. The attack is known to be active in 31 countries so far: Algeria, Australia, Austria, Bahrain, Brazil, Canada, China, Colombia, Egypt, Finland, France, Germany, Greece, India, Indonesia, Iraq, Israel, Italy, Kazakhstan, Latvia, Malta, Mexico, the Netherlands, Poland, the Russian Federation, Saudi Arabia, Serbia, Spain, Switzerland, the United Kingdom and the United States.

Corporate networks are vulnerable to these attacks as well, and the researchers have released a simple tool for detecting the DoubleDirect attack. You can check it out here.
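The ICMP Redirect mechanism quoted above and the detection idea mentioned here, as an added example that is not Zimperium's tool and not code from this article: a small Python parser that recognises ICMP type 5 messages inside IPv4 packets, validates the ICMP checksum, and applies the host-side policy a defender would want (the redirect must come from a known router, and the new next hop must itself be a known router that is on-link). The sample packet, the router address 192.168.1.1, the LAN 192.168.1.0/24, the destination 203.0.113.5 and all function names are constructed for this example.

```python
"""Flag ICMP Redirect (type 5) messages that would repoint a host's route.

Added example; not the article's or Zimperium's code. Parses IPv4 + ICMP
from raw bytes and applies a policy check a host or network sensor could use.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

ICMP_REDIRECT = 5  # ICMP type 5 = Redirect (RFC 792)

# Constructed policy for the example network (assumptions, not from the article).
TRUSTED_ROUTERS = {"192.168.1.1"}
LAN_CIDR = "192.168.1.0/24"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for an intact message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class Redirect:
    sender: str        # IP that sent the redirect; should be the current first hop
    new_gateway: str   # next hop the host is being told to use from now on
    target: str        # destination whose route would be changed
    code: int          # 0/1 = redirect for network/host, 2/3 = the same for a TOS
    checksum_ok: bool


def parse_redirect(packet: bytes) -> Optional[Redirect]:
    """Return a Redirect if this IPv4 packet carries an ICMP type-5 message, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:  # IP protocol 1 = ICMP
        return None
    icmp = packet[ihl:]
    if len(icmp) < 8 + 20:  # ICMP header plus the embedded original IP header
        return None
    itype, code = icmp[0], icmp[1]
    if itype != ICMP_REDIRECT:
        return None
    return Redirect(
        sender=str(ipaddress.IPv4Address(packet[12:16])),
        new_gateway=str(ipaddress.IPv4Address(icmp[4:8])),
        target=str(ipaddress.IPv4Address(icmp[8 + 16:8 + 20])),  # inner dst address
        code=code,
        checksum_ok=icmp_checksum(icmp) == 0,
    )


def redirect_findings(r: Redirect, trusted_routers, lan_cidr: str) -> List[str]:
    """Policy check: reasons to drop/alert on this redirect (empty list = acceptable)."""
    lan = ipaddress.ip_network(lan_cidr)
    reasons = []
    if not r.checksum_ok:
        reasons.append("bad ICMP checksum")
    if r.sender not in trusted_routers:
        reasons.append("sender is not a known router")
    if r.new_gateway not in trusted_routers:
        # The DoubleDirect pattern: the "better route" points at an ordinary LAN host.
        reasons.append("new gateway is not a known router")
    if ipaddress.ip_address(r.new_gateway) not in lan:
        reasons.append("new gateway is off-link")  # a host could never reach it directly
    return reasons


# Constructed sample, not a real capture: a redirect spoofed to look like it came from the
# router 192.168.1.1, telling host 192.168.1.10 to reach 203.0.113.5 via 192.168.1.77.
SAMPLE_REDIRECT = bytes.fromhex(
    "4500 0038 0000 0000 4001 0000 c0a8 0101 c0a8 010a"   # outer IPv4 header (hdr checksum left 0)
    "0501 70ea c0a8 014d"                                  # ICMP: type 5, code 1, checksum, new gateway
    "4500 003c 0000 4000 4006 0000 c0a8 010a cb00 7105"    # embedded original IPv4 header
    "04d2 0050 0000 0001"                                  # first 8 bytes of the original TCP segment
)
# Constructed ordinary TCP packet (protocol 6): the parser must ignore it.
SAMPLE_TCP = bytes.fromhex("4500 0028 0000 4000 4006 0000 c0a8 010a cb00 7105") + bytes(20)


def scan(packets, trusted_routers=TRUSTED_ROUTERS, lan_cidr=LAN_CIDR):
    """Return (target, new_gateway, reasons) for every suspicious redirect seen."""
    alerts = []
    for pkt in packets:
        r = parse_redirect(pkt)
        if r is None:
            continue
        reasons = redirect_findings(r, trusted_routers, lan_cidr)
        if reasons:
            alerts.append((r.target, r.new_gateway, reasons))
    return alerts


def scan_sample():
    return scan([SAMPLE_TCP, SAMPLE_REDIRECT])


if __name__ == "__main__":
    for target, gw, why in scan_sample():
        print(f"ALERT route to {target} would move to {gw}: {', '.join(why)}")
```

The sender check alone is not enough, which is the point of the sample: the outer source address is whatever the sender wrote, so a redirect that "comes from" the real router still has to be rejected because the next hop it names is not a router. A network sensor can run the same checks over mirrored traffic; on the host side the equivalent is to refuse redirects entirely where the platform allows it.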

Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago, when a piece of malware locked her out of her own computer.
