Exploit Attacks Pro-Tibet Site Visitors
Online attacks focused on exploiting renewed controversy over the Tibet situation by delivering malware to visitors of sites favoring Tibetan separatist efforts.
A Trojan injected into sites favoring Tibetan independence from China targeted visitors with a specially crafted download. Security vendor McAfee said the affected websites hosting this Trojan were probably hijacked so that infected web pages would be served to visitors' browsers.
Once in place, the Trojan, which McAfee dubbed Friebet, grabs software from remote servers that makes the co-opted machine capable of accepting SQL statements and executing them against other machines.
The Friebet malware can try several options to gain access to the databases backing other servers, according to McAfee:
- Bind and connect to local or remote databases from the victim machine
- Query and steal data from local or remote databases
- Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit
Though web application developers may have safeguards in place against common SQL injection attacks, Friebet is a more direct attack against a backend database. Administrators should review protections for databases to ensure such malicious connection attempts cannot succeed.
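One way to check for the three behaviors listed above in database audit records, as an added example that is not from McAfee or the original article. The log format, the application-tier network, and every sample line are constructed assumptions.

```python
import ipaddress
import re

# Assumption: only these application-tier hosts should ever reach the database.
APP_TIER = [ipaddress.ip_network("10.0.5.0/28")]

# Constructed sample audit lines: "<time> <client_ip> <db_user> <statement>"
SAMPLE_LOG = """\
T1 10.0.5.4 webapp SELECT title FROM articles WHERE id = 7
T2 10.0.9.77 report CONNECT
T3 10.0.9.77 report SELECT name, email FROM members
T4 10.0.9.77 report INSERT INTO articles (body) VALUES ('<iframe src=//placeholder.invalid>')
T5 10.0.5.4 webapp UPDATE articles SET body = 'News <ScRiPt src=x></script>' WHERE id = 7
"""

READ = re.compile(r"^SELECT\b", re.IGNORECASE)
WRITE = re.compile(r"^(INSERT|UPDATE)\b", re.IGNORECASE)
# Active markup written into stored content can turn a site into an exploit host.
MARKUP = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)


def from_app_tier(ip):
    """True only if the client address parses and sits inside an allowed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in APP_TIER)


def audit(log_text):
    """Return (line_number, finding) pairs for suspicious database activity."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue  # skip lines that do not fit the assumed format
        _, ip, _user, stmt = parts
        if not from_app_tier(ip):
            # Maps to "bind and connect", "query and steal", "insert arbitrary data".
            kind = "read" if READ.match(stmt) else "write" if WRITE.match(stmt) else "connect"
            findings.append((n, "untrusted-source-" + kind))
        if WRITE.match(stmt) and MARKUP.search(stmt):
            findings.append((n, "markup-write"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_LOG):
        print(line_no, finding)
```

The last sample line is flagged even though it comes from an allowed host, since a write that stores script or iframe markup deserves review regardless of where it originated.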