A new kind of botnet has been uncovered that takes an innovative approach to finding security vulnerabilities in websites, using systems on which an illegitimate Mozilla Firefox add-on has been installed, an investigation by KrebsOnSecurity has revealed.
The “Advanced Power” botnet has already infected more than 12,500 systems. It poses as a legitimate Mozilla Firefox add-on/extension and has helped cyber-criminals identify SQL injection vulnerabilities in 1,800 websites.
Once the malware gets onto a system, it installs a bogus Mozilla Firefox add-on called “Microsoft .NET Framework Assistant”. This malicious add-on has the same name as a legitimate add-on, which tricks the user into installing it. The malicious add-on then tests all the pages visited by the victim for SQL injection vulnerabilities.
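Because the bogus add-on reuses the name of a legitimate one, the display name alone cannot be trusted. The following is an added example, not code from the original post or from Mozilla: it reads a Firefox profile's extensions.json and flags any add-on that uses a known name under an unexpected ID. The allowlist, its placeholder ID and the sample data are constructed for illustration.

```python
import json

# Assumption: an allowlist you maintain of display name -> expected add-on ID.
# The ID here is a constructed placeholder, not the real add-on's ID.
EXPECTED_IDS = {
    "microsoft .net framework assistant": "{00000000-0000-0000-0000-000000000001}",
}

# Constructed sample shaped like a Firefox profile's extensions.json.
SAMPLE_EXTENSIONS_JSON = json.dumps({"addons": [
    {"id": "{00000000-0000-0000-0000-000000000001}", "active": True,
     "defaultLocale": {"name": "Microsoft .NET Framework Assistant"}},
    {"id": "lookalike@constructed.invalid", "active": True,
     "defaultLocale": {"name": "Microsoft  .NET Framework  assistant"}},
    {"id": "unrelated@constructed.invalid", "active": False,
     "defaultLocale": {"name": "Some Other Add-on"}},
]})


def normalize(name):
    """Collapse whitespace and case so trivial name variations still match."""
    return " ".join(name.split()).casefold()


def find_impersonators(extensions_json, expected_ids=EXPECTED_IDS):
    """Return add-ons that use an allowlisted name under an unexpected ID."""
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        name = (addon.get("defaultLocale") or {}).get("name") or ""
        expected = expected_ids.get(normalize(name))
        if expected is None:
            continue  # name is not one we track
        addon_id = addon.get("id") or ""
        if addon_id.casefold() != expected.casefold():
            findings.append({"id": addon_id, "name": name,
                             "active": bool(addon.get("active"))})
    return findings


if __name__ == "__main__":
    for hit in find_impersonators(SAMPLE_EXTENSIONS_JSON):
        print("name matches a known add-on but ID differs:", hit)
```

To check a real profile, pass the contents of its extensions.json and an allowlist built from add-on IDs you have verified yourself.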
The botnet was first spotted on 31st May 2013, according to the malware analysis service Malwr, and at that time only 3 antivirus applications out of 47 (as shown in the picture below) were able to identify it as malicious code according to VirusTotal, which is a very low detection rate.
The Advanced Power malware has been distributed, at least in part, by the Blackhole exploit kit, according to “Kafeine” of the Malware Don’t Need Coffee blog.
Mozilla has blocked the bogus “Microsoft .NET Framework Assistant (malware)” add-on used by the Advanced Power botnet.
Attackers are using very deep and innovative approaches to bypass various defensive techniques. Antivirus alone is not enough to protect against these attacks. Install applications and add-ons only from authors you trust, and keep your browsers up to date to avoid attacks. Download Saner and keep your systems updated and secure.
– Veerendra GG