GhostDNS: this is the name of a gigantic botnet (or network of bots) that attacked more than 100 thousand routers in Brazil, which had their DNS settings modified to redirect users to phishing pages.And that only happens when internet users here try to access the websites of the country's main banks.According to the security company Radware, about 88% of these routers are located in Brazil, and the attack has been taking place since mid-August, when the company identified a strange movement.According to Qihoo 360, also a Chinese company that also specializes in cybersecurity, the group behind these attacks has increased activity in recent days.Analyzing the activities involving GhostDNS, another security company, Netlabs, detailed how the attack works: cyber criminals are doing a wide sweep of the IPs of Brazilian routers, mainly looking for those who use weak passwords or who simply , do not use any type of protection.In this way, they are able to access the configuration of the routers and replace them with legitimate DNS specifications with the IPs of the servers they control.The largest of the sites targeted by the attacks are Brazilian banks and hosting services.The redirect promoted by the attack takes victims to a phishing page, which steals their credentials.Criminals use three modules dubbed Shell DNSChanger, Js DNSChanger and PyPhp DNSChanger and all coded in various programming languages ​​such as JavaScript and PyPHP.These modules can, for example, force access to the passwords of 21 routers or firmware packages.From there, it can scan and “hijack” other routers and devices on internal networks.To get an idea of ​​the strength of this attack, only one of these modules uses 69 scripts and is able to discover the passwords of 47 different models of routers.See what brands of compromised routers areAmong the routers affected by Ghost DNS are some well-known Brazilian brands, such as D-Link, Intelbras, Multilaser and TP-Link.Check out the specific models that were attacked below: