| Popular » |
 Can't Buy The Top
|
Copycat Spammers
|
Online Obstacles
|
Crimes On YouTube
|
eBay Fair Trade
|
eBay Feedback
|
A Trojan injected into sites favoring Tibetan independence from China targeted visitors with a specially crafted download. Security vendor McAfee said the affected websites hosting this Trojan were probably hijacked to place infected web pages in view of browsers.
Once in place, the Trojan, which they dubbed Friebet, grabs software from remote servers that makes the co-opted machine capable of accepting SQL statements and executing them against other machines.
The Friebet malware can try several options to gain access to the databases backing other servers, according to McAfee:
- Bind and connect to local or remote databases from the victim machine
- Query and steal data from local or remote databases
- Insert arbitrary data into local or remote databases, including web data such as hosting a web exploit
Though web application developers may have safeguards in place against common SQL injection attacks, Friebet is a more direct attack against a backend database. Administrators should review protections for databases to ensure such malicious connection attempts cannot succeed.
Frequently Asked Computer Security QuestionsU.K. Facing Asian Trojan AttackMac OS X SecurityThe Top Five LAN Security Issues Facing IT Managers TodayMozilla Security Bug Bounty Program AnnouncedComputer Security Still Damaged by Social Engineering Computer Viruses - The New IT Arms RaceInstant Messaging Expressway for Identity Theft, Trojan Horses, Viruses, and WormsWindows XP Internet Security for Advanced UsersRisk Metrics Needed for IT Security
 |
|
|
|
Comments
Post new comment