"The Asprox botnet, a relatively small botnet known mainly for sending
phishing emails, has been spotted in the last few days installing an
SQL injection attack tool on its bots. The bots then Google for .asp
pages with specific terms — and then hit the sites found in the search
return with SQL injection attacks, says Joe Stewart, director of
malware research for SecureWorks, who has documented his findings on
the attack.
Stewart says the Asprox botnet’s SQL injection attack is
likely a copycat of the recent SQL injection Website attacks from
China, which deliver a Trojan that steals online gaming passwords. But
this is the first SQL injection attack Stewart has seen using a botnet
and a toolkit to do the dirty work. Asprox so far has infected over
1,000 Websites this way, he says.
“I’ve seen bots get other types of infection tools, but not
SQL injection” tools, Stewart says. “It’s almost like they noticed the
Chinese[-based] attack and copied their code into their own binary for
their own attack… The hacks are so similar to the way the other SQL
injection attacks are going." – DarkReading
3-4 years ago when I worked at SPI Dynamics (now HP) two PoC tools had been created for internal security research. They didn’t
do anything malicious just test the concept of using search engines to find hosts and test them for a sql error message.
These tools worked so well in finding ‘suspect’ hosts that while it was very cool/scary, we decided speaking about it to the
public was a bad idea. It was only going to have negative affects and we didn’t want to be accountable for introducing this
extremely handy method to the attackers as we knew how large the problem was. 3-4 years later this is the ‘new’ toolkit
to have on the block. This makes me wonder what is being discovered now that we won’t be hearing about for another few years.
This is hardly the last you’ll be hearing about search engine hacking. (what newbies now call google hacking)
Article Link: http://www.darkreading.com/document.asp?doc_id=153921&WT.svl=news1_2
