SQL Injection Attack Tool Spreading

Secureworks reports that a botnet is attempting to use hijacked computers to propagate a SQL injection attack tool along with a spamming tool and a Trojan that steals passwords.

Joe Stewart of Secureworks writes that "As of yesterday, we observed the Asprox botnet pushing an update to the infected systems, a binary with the filename msscntr32.exe. The executable is installed as a system service with the name 'Microsoft Security Center Extension,' but in reality it is a SQL-injection attack tool.

When launched, the attack tool will search Google for .asp pages which contain various terms, and will then launch SQL injection attacks against the websites returned by the search."

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish