Visit Twellow.com
Popular » Can't Buy The Top Copycat Spammers Online Obstacles Crimes On YouTube eBay Fair Trade eBay Feedback
Directory Listings » Blogs Conferences Forums Software Tutorials Submit Site

Exploit Attacks Pro-Tibet Site Visitors


Friebet Trojan carries SQL attack payload

Online attacks focused on exploiting renewed controversy over the Tibet situation by delivering malware to visitors of sites favoring Tibetan separatist efforts.

A Trojan injected into sites favoring Tibetan independence from China targeted visitors with a specially crafted download. Security vendor McAfee said the affected websites hosting this Trojan were probably hijacked to place infected web pages in view of browsers.

Once in place, the Trojan, which they dubbed Friebet, grabs software from remote servers that makes the co-opted machine capable of accepting SQL statements and executing them against other machines.

The Friebet malware can try several options to gain access to the databases backing other servers, according to McAfee:

  • Bind and connect to local or remote databases from the victim machine
  • Query and steal data from local or remote databases
  • Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit

Though web application developers may have safeguards in place against common SQL injection attacks, Friebet is a more direct attack against a backend database. Administrators should review protections for databases to ensure such malicious connection attempts cannot succeed.

Digg This! StumbleUpon This!
AddThis Social Bookmark Widget

About the author:
David Utter is a staff writer for WebProNews covering technology and business. Follow me on Twitter, and you can reach me via email at dutter @ webpronews dot com. Why not Mixx this article while you're here?

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
1 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.