by speeder
3354 days ago
Question: can a bank defend itself when the DNS attack is client-side? I am from Brazil, and many, MANY, MAAAANY times I saw my bank's webpage be slightly off, and I noticed it was fake. Every single time, after tracking it down, the problem was some DNS interception: for example, once it was a virus on my PC, another time it was a virus on my router, another time someone used a bug on my modem to change its DNS configuration without knowing the password, and another time the local ISP got hacked and their DNS servers were polluted with fake IPs for all major banks. So, can the bank somehow defend itself from that? (Not that they care... from what I've seen so far, banks just tell the customer that he lost the money due to his own fault...)
To prevent it on the server-side (i.e. hijacked DNS or web servers) and/or to prevent rogue CAs from issuing certificates for their domain, they would need to use key pinning (for example via HPKP).
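
The pin check that HPKP (RFC 7469) performs, as an added example that is not part of the original comments. The SPKI byte strings are constructed placeholders rather than real keys, and the function names are hypothetical.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pkp(header: str):
    """Parse a Public-Key-Pins value into (pins, max_age, include_subdomains)."""
    pins, max_age, include_sub = set(), None, False
    for directive in filter(None, (d.strip() for d in header.split(";"))):
        name, _, value = directive.partition("=")  # base64 '=' padding stays in value
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.add(value)
        elif name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return pins, max_age, include_sub

def header_is_valid(header: str, chain_spkis) -> bool:
    """Pins are noted only if max-age is set, one pin matches the current
    chain, and at least one backup pin is NOT in the chain."""
    pins, max_age, _ = parse_pkp(header)
    chain = {spki_pin(s) for s in chain_spkis}
    return max_age is not None and bool(pins & chain) and bool(pins - chain)

def connection_allowed(noted_pins, chain_spkis) -> bool:
    """Later connections: some key in the presented chain must be pinned."""
    return any(spki_pin(s) in noted_pins for s in chain_spkis)

# Constructed stand-ins for DER-encoded SPKI structures (not real keys).
LEAF, INTERMEDIATE = b"constructed-leaf-spki", b"constructed-intermediate-spki"
BACKUP = b"constructed-offline-backup-spki"
ROGUE_LEAF, ROGUE_CA = b"constructed-rogue-leaf-spki", b"constructed-rogue-ca-spki"

GOOD_CHAIN = [LEAF, INTERMEDIATE]
ROGUE_CHAIN = [ROGUE_LEAF, ROGUE_CA]  # certificate from a CA the site never pinned
HEADER = (f'pin-sha256="{spki_pin(LEAF)}"; pin-sha256="{spki_pin(BACKUP)}"; '
          'max-age=5184000; includeSubDomains')
NO_BACKUP_HEADER = f'pin-sha256="{spki_pin(LEAF)}"; max-age=5184000'

if __name__ == "__main__":
    noted, _, _ = parse_pkp(HEADER)
    print("header accepted:", header_is_valid(HEADER, GOOD_CHAIN))
    print("legitimate chain allowed:", connection_allowed(noted, GOOD_CHAIN))
    print("rogue-CA chain allowed:", connection_allowed(noted, ROGUE_CHAIN))
```

Pins are only enforced by a client that noted them on an earlier valid connection, so a first visit is not covered by this check.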