Botnet forces infected Firefox users to hack the sites they visit


Sites browsed by hacked PCs (left) and SQL injection flaws found by the botnet (masked, right). KrebsonSecurity Investigative journalist Brian Krebs has uncovered an unusual botnet that forces infected PCs to scour websites for security vulnerabilities that can cough up proprietary data or be exploited in drive-by malware attacks. The botnet, dubbed “Advanced Power” by its operators, has discovered at least 1,800 webpages vulnerable to SQL injection attacks since May, Krebs reported in a post published Monday . SQL injection vulnerabilities exploit weaknesses in Web applications that allow attackers to send powerful commands to a website’s backend databases. From there, attackers can download login credentials or other database contents or cause sites to post links that silently redirect visitors to malicious websites. Advanced Power masquerades as a legitimate add-on for Mozilla’s Firefox browser. Once installed, it looks for vulnerabilities on sites visited by the infected machine. Krebs wrote: Read 1 remaining paragraphs | Comments        

Continue Reading:
Botnet forces infected Firefox users to hack the sites they visit


Please enter your comment!
Please enter your name here


This site uses Akismet to reduce spam. Learn how your comment data is processed.