Pro-Tibet sites have been under attack recently with an unknown SQL-based Trojan leading the charge. Now, the secrets of the malware have been revealed.
The Trojan was dubbed “Fribet” and, according to McAfee researchers Shinsuke Honjo and Geok Meng Ong, was able to spread by embedding itself in pro-Tibet web sites by using an SQL injection.
The next step was to exploit a a browser vulnerability to remotely install and execute.
A posting on the McAfee blog warns readers that the Fribet Trojan is quite capable of both of remotely controlling and installing software on victim PCs, as well as receiving SQL instructions:
“our reverse engineering of the malicious code shows it is more than capable of the following: - Bind and connect to local or remote databases from the victim machine - Query and steal data from local or remote databases - Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit”
The researchers also warn that even the administrators of secure web sites “should ensure database backends are equally secure to defend against such a penetration vector”, as the trojan can be used as an alternate to SQL Injection attacks.
Add to Favorites
Set Home Page
