Security researcher Brian Krebs has discovered a new Botnet that tests websites for vulnerabilities using the infected machines. The malware disguise itself as a legitimate Firefox add on called “Microsoft .NET Framework Assistant” is apparently using the infected machines to find SQL Injection vulnerability in any website visited by the victim.
Once the malware determine the list of vulnerable website, the cyber criminals behind the botnet will be able to exploit the vulnerability to inject malicious codes in the websites. So, it will probably help the attacker to increase the number of infected websites and systems.
Once the malware determine the list of vulnerable website, the cyber criminals behind the botnet will be able to exploit the vulnerability to inject malicious codes in the websites. So, it will probably help the attacker to increase the number of infected websites and systems.
Advanced Power test SQL Injection vulnerability
The malware also capable of stealing sensitive information. However, the feature is not appeared to be activated on infected systems.
Alex Holden, chief information security officer at Hold Security LLC, analyzed the malware and believes the malware authors are from Czech Republic, based on the text string available in the threat.
Researcher says more than 12,500 systems have been infected by this malware and helped to discover at least 1,800 web pages vulnerable to SQL Injection.
Update:
In an email, a Mozilla spokesperson told EHN that “they have disabled the fraudulent ‘Microsoft .NET Framework Assistant’ add-on used by ‘Advanced Power’ as part of its attack. You should always be careful with anything you download. It’s a good idea to use many layers of protection, including antivirus software to stop malware.”