Exploit Attacks Pro-Tibet Site Visitors

    April 10, 2008
    WebProNews Staff

Online attacks focused on exploiting renewed controversy over the Tibet situation by delivering malware to visitors of sites favoring Tibetan separatist efforts.

A Trojan injected into sites favoring Tibetan independence from China targeted visitors with a specially crafted download. Security vendor McAfee said the affected websites hosting this Trojan were probably hijacked to place infected web pages in view of browsers.

Once in place, the Trojan, which they dubbed Friebet, grabs software from remote servers that makes the co-opted machine capable of accepting SQL statements and executing them against other machines.

The Friebet malware can try several options to gain access to the databases backing other servers, according to McAfee:

  • Bind and connect to local or remote databases from the victim machine

  • Query and steal data from local or remote databases
  • Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit

Though web application developers may have safeguards in place against common SQL injection attacks, Friebet is a more direct attack against a backend database. Administrators should review protections for databases to ensure such malicious connection attempts cannot succeed.