Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Phishing botnet expands by hacking legit sites

Plants SQL injection attack tool on bots, hacks business, education sites

May 14, 2008 12:00 PM ET

Active Comments
Fred says: SQL Injection attacks like this one are unfortunately very common, and you need to protect your database as much as...
Fred says: SQL Injection attacks like this one are unfortunately very common, and you need to protect your database as much as...


Computerworld - A botnet is now using a SQL injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher.

The Asprox botnet, which specializes in sending phishing spam, is pushing an update to the infected PCs it controls, Joe Stewart, the director of malware research at Atlanta-based SecureWorks Inc., said today. The update is an executable file -- "msscntr32.exe" -- that installs as a Windows service dubbed "Microsoft Security Center Extension."

But the executable actually installs an SQL injection attack tool, said Stewart.

SQL injection attacks have become widespread as criminals increasingly target legitimate Web sites, figure out a way to hack them, then plant iFrames on those sites to redirect users to malicious servers. Those servers silently attack visitors' PCs, often trying multiple exploits, and if one works, they download additional code to the machine to hijack it from its rightful owner and add it to an army of infected systems.

"There are multiple things out there launching similar attacks," said Stewart in explaining why there's confusion about how the tool is being spread. Some analysts have mistakenly concluded that the SQL injection tool is using wormlike tactics, according to Stewart. "The tool does not spread on its own but relies on the Asprox botnet to propagate to new hosts," he said.

It is becoming increasingly difficult to separate the multiple attack vectors that criminals are using to hack legitimate sites, if only because SQL injection attacks have ballooned in scale. Last month, for example, a massive SQL-injection attack compromised more than a half-million pages, including some on sites run by the United Nations.

After the Asprox botnet seeds its bots with the msscntr32.exe file, the attack tool launches and uses Google's search engine to find potentially vulnerable pages. It then hits those pages with a SQL-injection attack and, if successful, plants a malicious iFrame on the site.

Visitors are redirected through a series of malware-hosting servers that try one or more exploits to crack the PC. If that works, a Trojan horse is downloaded and installed on the PC, adding it to the Asprox botnet; those compromised PCs are then used to spew more phishing spam.

Stewart has counted 1,000 sites that have been hacked by the SQL injection attack tool since Monday night. The sites include small business sites, domains for several small colleges and universities, and some hosted by law firms. Most are in the U.S.

Other security vendors, including F-Secure Corp. and Symantec Corp., have also uncovered evidence of new waves of SQL-injection attacks. Those firms have been pinning responsibility on Chinese hackers who are compromising legitimate sites to spread malware to steal game passwords.



Jump to comments

SQL-injection

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs