A pair of researchers are reporting that the 'Fribet' Trojan has spread among users by embedding itself in pro-Tibet websites by way of an SQL injection and then exploiting a browser vulnerability to remotely install and execute.
McAfee researchers Shinsuke Honjo and Geok Meng Ong reported on a company blog posting that the Trojan not only gives the attacker the ability to remotely control and perform installations on infected PCs, but it also provides the ability to receive SQL instructions.
This, the researchers say, can allow the attacker to use infected machines to host other web exploits.
"This Trojan apparently can be used as an alternate to SQL Injection attacks, but in a more direct way," they wrote.
"Even the administrators of secure websites, protected against common SQL injection attacks, should ensure database backends are equally secure to defend against such a penetration vector."
There are, however, some mitigating factors. At the time of the posting, the server that the infected machines connected to was not active, so computers running the Trojan were not being sent commands.
The researchers also noted that in order to host web exploits on a machine, an attacker would need extensive information on a machine's network configuration and user credentials. Researchers do, however, believe that such information could be obtained through Fribet's info-stealing components.
Tibet attack Trojan identified
By
Shaun Nichols
on Apr 12, 2008 6:37AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Shure Microsoft Certified Audio for Teams Rooms
Tech Data: Driving partner success in a digital-first economy
Promoted Content
From Insight to Opportunity: How SMB Service Demand is Shaping the Next Growth Wave for Partners
_(11).jpg&h=142&w=230&c=1&s=1)
The Compliance Dilemma for Technology Partners: Risk, Revenue, and Reputation
Channel faces AI-fuelled risk as partners lag on data resilience, Dicker Data summit told
.jpg&w=100&c=1&s=0)
_(8).jpg&w=100&c=1&s=0)
