Massive misinformation (Score 1)
I'm the Brazilian journalist who first reported on this issue.
These attacks are not massive. They are happening on a single server each time, and the ISPs use many different servers. As such, the number of affected victims each time is small. However, it is true they are ongoing. ISPs and users need to take action now and protect their DNS servers and home routers, respectively, though ISPs are also to blame because they use the same password for the default configuration on every router. Plus, user complaints can be found days apart, but DNS cache poisoning only lasts for a few hours. In other words, there are multiple attacks.
There's info indicating this has been going on and off since at least 2009, but we hadn't heard of it because they were only redirecting banks to identical pages. Now they're trying to use Google, Facebook et al. to infect users with trojans, which is far easier to notice.
It's also true a sysadmin was arrested for accepting a R$ 10,000 (about US$ 6,000) monthly bribe to change the DNS configuration in an ISP, probably a small or medium-sized one.
I'm a GVT user (one of the affected ISPs) and I have verified my DNS server went from not using random ports to using random ports. I last checked this about two weeks ago. So yes, this is happening, and they have taken some action. But the DNS server I use was never poisoned, and many other users have not seen or noticed these attacks.