Sites browsed by hacked PCs (left) and SQL injection flaws found by the botnet (masked, right).
Investigative journalist Brian Krebs has uncovered an unusual botnet that forces infected PCs to scour websites for security vulnerabilities that can cough up proprietary data or be exploited in drive-by malware attacks.
The botnet, dubbed “Advanced Power” by its operators, has discovered at least 1,800 webpages vulnerable to SQL injection attacks since May, Krebs reported in a post published Monday. SQL injection vulnerabilities exploit weaknesses in Web applications that allow attackers to send powerful commands to a website’s backend databases. From there, attackers can download login credentials or other database contents or cause sites to post links that silently redirect visitors to malicious websites.
Advanced Power masquerades as a legitimate add-on for Mozilla’s Firefox browser. Once installed, it looks for vulnerabilities on sites visited by the infected machine. Krebs wrote: