
Malware Attacks Deployed by “Advanced Power” Botnet

As reported by KrebsOnSecurity, more than 12,500 systems have been tangled up in a botnet that uses victims to deploy malware attacks through a bogus and now-blocked Firefox extension going by the name “Microsoft .NET Framework Assistant”.

Dubbed “Advanced Power”, the botnet looks for vulnerable server configurations on web pages visited by victims and, once found, uses a SQL injection to set up drive-by malware attacks, or grab information stored in databases. The malware also has the capacity to steal passwords, although researchers say that this feature hasn’t yet manifested.

The campaign, which quietly launched as far back as last May, and which some security experts think may be based in the Czech Republic (due to some translated text strings), appears to be an attempt by adversaries to automate the time-consuming grunt work of checking websites for vulnerabilities. It’s a solid example of how today’s sophisticated malware attacks are a far cry from the typically indiscriminate viruses of years past, which were more concerned with doing damage than with stealing data.

What’s more, it’s a timely reminder of how it only takes one employee to download a single add-on (or click a link, open an attachment, visit a website, or conduct any other ordinary activity) for an infection to occur, and for an unsuspecting enterprise to get swept up in an adversary’s illicit agenda for weeks, months, or even years.

Obviously, enterprises cannot scrutinize all employees at all times — especially since adversaries are remarkably good at masking their actions and the behavior of their malware attacks. Instead, enterprises need to take a more practical approach by proactively scanning their outbound HTTP traffic logs to detect actual live botnets and, once they are found, taking swift action to thwart infections before real damage is done.
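As an added illustration of the log-scanning approach described above (not part of the original post and not Seculert's technology), this Python example flags internal clients whose outbound requests carry SQL-injection-style probe strings to several distinct sites, which is the behavior the article attributes to infected browsers. The log format, the probe patterns and the `min_hosts` threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Generic SQL-injection probe markers (assumption: NOT the botnet's real strings).
PROBE = re.compile(
    r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+(all\s+)?select"
    r"|\bsleep\s*\(|\bbenchmark\s*\(|'\s*--",
    re.IGNORECASE,
)

def parse_line(line):
    """Parse a constructed 'time client method url status' proxy log line."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip malformed lines instead of failing the whole scan
    _time, client, _method, url, _status = parts
    return client, url

def probing_clients(lines, min_hosts=3):
    """Map each client to the sites it probed, if it probed >= min_hosts sites."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, url = rec
        parts = urlsplit(url)
        # parse_qsl percent-decodes values, so encoded probes are matched too.
        values = [v for _k, v in parse_qsl(parts.query, keep_blank_values=True)]
        if parts.hostname and any(PROBE.search(v) for v in values):
            hits[client].add(parts.hostname)
    # One odd request is noise; the same client probing many sites is a pattern.
    return {c: sorted(h) for c, h in hits.items() if len(h) >= min_hosts}

# Constructed sample log: 10.0.0.5 behaves like an infected browser,
# 10.0.0.9 is a harmless search that happens to contain "union select".
SAMPLE_LOG = """\
2024-01-01T09:00:01Z 10.0.0.5 GET http://shop.example/item?id=7 200
2024-01-01T09:00:02Z 10.0.0.5 GET http://shop.example/item?id=7%27+OR+1%3D1--+ 500
2024-01-01T09:00:09Z 10.0.0.5 GET http://news.example/a?p=3%27%20AND%201=2 200
2024-01-01T09:00:15Z 10.0.0.5 GET http://blog.example/v?id=1+UNION+SELECT+1,2 200
2024-01-01T09:01:00Z 10.0.0.8 GET http://shop.example/item?id=9%27+OR+1%3D1 500
2024-01-01T09:01:30Z 10.0.0.9 GET http://wiki.example/search?q=union+select+syntax 200
""".splitlines()

if __name__ == "__main__":
    print(probing_clients(SAMPLE_LOG))
```

Requiring several distinct sites per client keeps a single stray match, such as the search query from 10.0.0.9, from raising an alert.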
