- Jan 24, 2011
- 9,378
A slaving operation masquerading as a legitimate add-on for the Mozilla Firefox browser has created a 12,500-PC strong botnet army whose purpose is to find exploitable websites.
According to security researcher Brian Krebs, the botnet, which calls itself Advanced Power, conducts SQL injection attacks on virtually any website visited by the victim. These take advantage of weak server configurations to inject malicious code into the database behind the public-facing web server. If successful, “attackers can use this access to booby-trap sites with drive-by malware attacks, or force sites to cough up information stored in their databases,” he said in an analysis.
SQL injections are extremely popular because of the ability of compromised websites to distribute malware so widely. Imperva noted in a recent report that web applications receive four or more attacks per month, but some websites are constantly under attack – especially retail and e-commerce sites.
A botnet that essentially acts as a distributed, automated scanner for finding those weak configurations is therefore an extremely useful – and efficient – tool to have if you’re a malware pusher. It takes much of the work out of the process and tilts the effort-reward ratio in cybercriminals’ favor.
“When you test an application for SQL injection or any other vulnerability, you have a small frame of reference as to the site’s functionality,” said Alex Holden, chief information security officer at Hold Security, speaking to Krebs. “You often don’t know or can’t see many user functions. And in some cases you need proper credentials to do it right. In this case, the hackers are using valid requests within many sites that end-users themselves are feeding them. This is a much bigger sample than you would normally get. By no means is it a full regression test, but it is a deep and innovative approach.”
Read more: http://www.infosecurity-magazine.co...efox-addon-scans-web-for-sql-vulnerabilities/
According to security researcher Brian Krebs, the botnet, which calls itself Advanced Power, conducts SQL injection attacks on virtually any website visited by the victim. These take advantage of weak server configurations to inject malicious code into the database behind the public-facing web server. If successful, “attackers can use this access to booby-trap sites with drive-by malware attacks, or force sites to cough up information stored in their databases,” he said in an analysis.
SQL injections are extremely popular because of the ability of compromised websites to distribute malware so widely. Imperva noted in a recent report that web applications receive four or more attacks per month, but some websites are constantly under attack – especially retail and e-commerce sites.
A botnet that essentially acts as a distributed, automated scanner for finding those weak configurations is therefore an extremely useful – and efficient – tool to have if you’re a malware pusher. It takes much of the work out of the process and tilts the effort-reward ratio in cybercriminals’ favor.
“When you test an application for SQL injection or any other vulnerability, you have a small frame of reference as to the site’s functionality,” said Alex Holden, chief information security officer at Hold Security, speaking to Krebs. “You often don’t know or can’t see many user functions. And in some cases you need proper credentials to do it right. In this case, the hackers are using valid requests within many sites that end-users themselves are feeding them. This is a much bigger sample than you would normally get. By no means is it a full regression test, but it is a deep and innovative approach.”
Read more: http://www.infosecurity-magazine.co...efox-addon-scans-web-for-sql-vulnerabilities/
