Brian Krebs has revealed an original botnet that forces infected PCs to scour websites for security vulnerabilities that can yield proprietary data or be exploited to place a drive-by download on the site.
The botnet, named “Advanced Power” by its operators, has discovered at least 1,800 webpages susceptible to SQL injection attacks since May, Krebs stated in a blog post released Monday. With an SQL injection exploit, attackers can access the site's database and download login credentials or any other database contents, or cause the site to post links that quietly redirect visitors to malicious sites.
Advanced Power looks like a legitimate add-on for Mozilla’s Firefox browser. But, once installed, it looks for vulnerabilities on sites visited by the infected machine. Krebs went on to write:
“Although this malware does include a component designed to steal passwords and other sensitive information from infected machines, this feature does not appear to have been activated on the infected hosts. Rather, the purpose of this botnet seems to be using the compromised Windows desktops as a distributed scanning platform for finding exploitable Web sites. According to the botnet’s administrative panel, more than 12,500 PCs have been infected, and these bots in turn have helped to discover at least 1,800 Web pages that are vulnerable to SQL injection attacks.”