• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

New Botnet Malware Spreading SQL Injection Attack Tool

May 15, 2008

Views: 9,370

[ad]

Now this is an interesting turn of events, the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before.

It seems to install quite stealthily as well disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution of this kind of malware, what will be next?

A botnet is outfitting its army of compromised computers with a SQL injection attack tool to hack Web sites, researchers at SecureWorks have discovered.

According to SecureWorks, the Asprox botnet, once used solely to send out phishing e-mails, is pushing the tool out to systems in its network via a binary with the file name msscntr32.exe. The executable is installed as a system service with the name “Microsoft Security Center Extension.”

Despite the name, the file is in fact a SQL injection attack tool that when launched searches Google for .asp pages that contain certain terms. It then launches SQL injection attacks against the Web sites returned by the search.

The bad news is not many AV vendors are detecting it yet, it seems like it’s just another avenue or infection vector for the Asprox malware. It injects an iFrame into vulnerable pages which will lead to the download of the Asprox infector.

Storm did a variation of this as mentioned via FTP.

According to a list from VirusTotal, only a handful of the major anti-virus vendors are detecting the attack tool at this time.

“This is the first time I’ve seen a SQL injection tool, but certainly other botnets have tried to spread in a similar manner, infecting Web sites with IFrames,” said Joe Stewart, director of malware research at SecureWorks. “For instance, Storm tries to get your password if you log in to a Web site with FTP, and will put an IFrame into the page for you.”

So far, SecureWorks has found 1,000 Web sites infected by this wave of SQL attacks. Visitors to these infected Web sites are infected with the Asprox malware—turning them into bots—and also download some scareware.

It seems like a fairly small scale infection for now, but it’s definitely a worrying trend. It seems like the bad guys are definitely keeping up with the latest vulnerabilities in web apps and online languages and they are utilizing them to spread their wares.

Source: eWeek

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Malware, Web Hacking Tagged With: botnet, computer-security, malware, Privacy, sql-injection, trojans, viruses, web-security, worms



Reader Interactions

Comments

  1. eM3rC says

    May 16, 2008 at 12:01 am

    When I first found out about botnets I though it was an amazing concept.

    Not that their being used to distribute files a whole new market of exploiting has just opened. I wonder what the next step is.

  2. 1337ullus says

    May 16, 2008 at 7:13 am

    Actually, it’s real pain to get protected against the botnets. We’ve been and are still beeing attacked by Storm, that is (re)injecting ftp sites every friday or so. The sql injection ome stroke once on may 1st..

    We built an authpf bridge that let you ftp in only if you connected your website first. Hope it’ll stop Storm for a while.
    As for the sql injections, we had to fix a lot of scripts…

    I wonder if there are dnsbl that report botnet infected hosts ..

  3. zupakomputer says

    May 16, 2008 at 4:05 pm

    That’s what happens though, when anything gets complicated (like webpage coding, and database coding) then it becomes a haven for being able to hide all kinds of activity in.

    And personally, I really think that the over-complicated coding is pushed for exactly those reasons. Same way they do that in the law and in any kinds of bureacracies, it’s ordered in such a way that no-one can ever know all of it, and there’s loads of avenues to exploit things through.

    Keep things simple and straightforward, and it’s easy to see who’s doing what and where they are doing it.

  4. 1337ullus says

    May 19, 2008 at 9:02 am

    Look like the injection code use an open source librairy from http://www.indyproject.org/.

    Last week-end attack queries contained : “User-agent: Mozilla/3.0 (compatible; Indy Library).”

  5. Bogwitch says

    May 19, 2008 at 11:54 am

    @1337ullus,

    “We

  6. Jinesh says

    May 19, 2008 at 1:42 pm

    These botnets are scarry. One which i had on my machine used to upload files on torrent. weird huh!!!

  7. 1337ullus says

    May 20, 2008 at 4:48 pm

    @Bogwitch
    No bug to patch in the FTP issue, here is the story:

    Afaik, our customers got infected. The botnet agent either sniff ftp user/pass from network or use well known ftp client config file (filezilla), and send the FTP account to the botnet.

    The botnet then connect with the stolen FTP account and modify specific files (index, js, …) to inject javascripts (trojan downloader).

    New customers get infected while browsing infected websites and botnet life goes on.

    I agree that solution to FTP problem is not to use FTP anymore.
    BUT we got thousands customers accustomed to use FTP with their favorite FTP Client. Then MS secured ftp is … inexistant.
    Also we did change FTP user/pass, but it’s useless as long as customers are infected.

    We also setted blacklists on attackers ip classes, but as fast as it goes, we’ll be blacklisting the whole internet next week.

    The FTP authpf bridge was setted up last week, then the SQL Injection attack stroke. I’ll give you stats of my bridge later.

  8. Bogwitch says

    May 20, 2008 at 7:05 pm

    1337ullus,

    Thanks for clarifying that for me. interesting problem.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 170

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 431

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 475

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 393

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 598

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 560

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (234)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,294,560)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,088)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,623)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,683)
  • Password List Download Best Word List – Most Common Passwords (933,489)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,146)
  • Hack Tools/Exploits (673,293)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,158)

Search

Recent Posts

  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy