Tibet attack Trojan identified

'Fribet' also connected to SQL attacks

Shaun Nichols in California

A new SQL-based Trojan has been connected to the recent attacks on pro-Tibet websites as well as the outbreak of site infections uncovered last month.

A pair of researchers are reporting that the 'Fribet' Trojan has spread among users by embedding itself in pro-Tibet websites by way of an SQL injection and then exploiting a browser vulnerability to remotely install and execute.

Advertisement

McAfee researchers Shinsuke Honjo and Geok Meng Ong reported on a company blog posting that the Trojan not only gives the attacker the ability to remotely control and perform installations on infected PCs, but it also provides the ability to receive SQL instructions.

This, the researchers say, can allow the attacker to use infected machines to host other web exploits.

"This Trojan apparently can be used as an alternate to SQL Injection attacks, but in a more direct way," they wrote.

"Even the administrators of secure websites, protected against common SQL injection attacks, should ensure database backends are equally secure to defend against such a penetration vector."

There are, however, some mitigating factors. At the time of the posting, the server that the infected machines connected to was not active, so computers running the Trojan were not being sent commands.

The researchers also noted that in order to host web exploits on a machine, an attacker would need extensive information on a machine's network configuration and user credentials. Researchers do, however, believe that such information could be obtained through Fribet's info-stealing components.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

HTC Hero

Video: HTC Hero launch

Handset maker unveils its latest Android-based smartphone

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

firefox logo

In Pictures: Firefox 3.5

Screenshots from Mozilla's latest Firefox web browser

BT

BT scraps Phorm rollout

Telco claims to be too tight on resources to support...

Nokia

Nokia denies Android smartphone rumours

Mobile phone giant insists it will stick with Symbian

Second Life

Second Life seeks to mix the real and virtual worlds

Linden Lab unveils plans to integrate with social networks and...

Primary Navigation