14 DAY TRIAL // On Monday, Brian Krebs revealed the existence of a botnet called Advanced Power. The threat relies on a rogue version of the Microsoft .NET Framework Assistant Firefox add-on to hijack computers and turn them into zombies that probe websites for SQL Injection vulnerabilities.
Shortly after, Mozilla announced that it had blocked the fake Microsoft .NET Framework Assistant add-on in order to protect users.
The malicious component is disabled automatically, so users don’t need to take any action.
“We have disabled the fraudulent ‘Microsoft .NET Framework Assistant’ add-on used by ‘Advanced Power’ as part of its attack,” a Mozilla spokesman told Softpedia in a mailed statement.
“You should always be careful with anything you download. It’s a good idea to use many layers of protection, including antivirus software to stop malware.”
Brian Krebs reports that the botnet has already infected over 12,500 computers. The cybercriminals are using the malware to monitor all the webpages visited by the owners of infected devices in an effort to identify SQL Injection vulnerabilities.
They can later exploit the security holes for drive-by download attacks and to retrieve information from the sites’ databases.
At least 1,800 users have already been infected. It’s uncertain at this point how the malware is being distributed.
There are several possibilities. It could be bundled with software served on various websites. The cybercriminals might also be using a malicious site that instructs potential victims to install a software component – in this case, the rogue add-on – in order to view a video or gain access to some content.
In any case, experts say the approach used by the attackers is “deep and innovative.”
If you want to download Microsoft .NET Framework Assistant, you can do so from Softpedia.