NEWS - December 17, 2013
by Carol~ - 12/17/13 5:13 PM
Botnet Enlists Firefox Users to Hack Web Sites
An unusual botnet that has ensnared more than 12,500 systems disguises itself as a legitimate add-on for Mozilla Firefox and forces infected PCs to scour Web sites for security vulnerabilities, an investigation by KrebsOnSecurity has discovered.
The botnet, dubbed "Advanced Power" by its operators, appears to have been quietly working since at least May 2013. It's not clear yet how the initial infection is being spread, but the malware enslaves PCs in a botnet that conducts SQL injection attacks on virtually any Web sites visited by the victim. [Screenshot]
Although this malware does include a component designed to steal passwords and other sensitive information from infected machines, this feature does not appear to have been activated on the infected hosts. Rather, the purpose of this botnet seems to be using the compromised Windows desktops as a distributed scanning platform for finding exploitable Web sites. According to the botnet's administrative panel, more than 12,500 PCs have been infected, and these bots in turn have helped to discover at least 1,800 Web pages that are vulnerable to SQL injection attacks.
Continued : http://krebsonsecurity.com/2013/12/botnet-enlists-firefox-users-to-hack-web-sites/
Botnet forces infected Firefox users to hack the sites they visit (updated)
Mozilla blocks rogue add-on that made computers scan sites for flaws
Botnet Using Phony Firefox Add-On Scans for Sites Vulnerable to SQL Injection