Friday, November 24, 2017

Botnet utilizes the infected to hack the sites they visit

Brian Krebs has revealed an original botnet that forces infected PCs to scour websites for security vulnerabilities that can expose proprietary data or be exploited to place a drive-by download on the site.

The botnet, named “Advanced Power” by its operators, has discovered at least 1,800 web pages susceptible to SQL injection attacks since May, Krebs stated in a blog post released Monday. With a SQL injection exploit, attackers can access the site's database and download login credentials or any other database contents, or cause the site to post links that quietly redirect visitors to malicious sites.

Advanced Power looks like a legitimate add-on for Mozilla’s Firefox browser. But, once installed, it looks for vulnerabilities on sites visited by the infected machine. Krebs went on to write:

“Although this malware does include a component designed to steal passwords and other sensitive information from infected machines, this feature does not appear to have been activated on the infected hosts. Rather, the purpose of this botnet seems to be using the compromised Windows desktops as a distributed scanning platform for finding exploitable Web sites. According to the botnet’s administrative panel, more than 12,500 PCs have been infected, and these bots in turn have helped to discover at least 1,800 Web pages that are vulnerable to SQL injection attacks.”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
