According to security expert Brian Krebs, A Firefox plugin has turned 12,500 users of the browser into a botnet which scours every page visited by infected users for vulnerabilities. The ‘Advanced Power’ add-on ensnared 12,500 PCs – and found 1,800 vulnerable websites for its unknown creators.
The malware is essentially designed to carry out the time-consuming task of searching websites for exploitable vulnerabilities while obscuring who might be behind this scanning malfeasance. SQL injection is a prevalent class of website vuln that's frequently used to attack unguarded sites.
The add-on has been in circulation since at least May 31, 2013, according to malware analysis service Malwr. When the malware was first spotted, only two out of 47 antivirus engines were recognizing it as malicious code, according to Virus Total. By August 2013, however, 29 out of 45 antivirus scanning engines were flagging the code as malicious.
In response to the discovery, Mozilla disabled the fraudulent Microsoft .NET Framework Assistant add-on behind the ruse. The extension was added to the Firefox developers' block list on Monday.
The malware is essentially designed to carry out the time-consuming task of searching websites for exploitable vulnerabilities while obscuring who might be behind this scanning malfeasance. SQL injection is a prevalent class of website vuln that's frequently used to attack unguarded sites.
The add-on has been in circulation since at least May 31, 2013, according to malware analysis service Malwr. When the malware was first spotted, only two out of 47 antivirus engines were recognizing it as malicious code, according to Virus Total. By August 2013, however, 29 out of 45 antivirus scanning engines were flagging the code as malicious.
In response to the discovery, Mozilla disabled the fraudulent Microsoft .NET Framework Assistant add-on behind the ruse. The extension was added to the Firefox developers' block list on Monday.
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
No comments:
Post a Comment