iTnews
  • Home
  • News
  • Technology
  • Security

Tibet attack Trojan identified

By Shaun Nichols
Apr 14 2008 7:35AM
Follow google news

A new SQL-based Trojan has been connected to the recent attacks on pro-Tibet websites as well as the outbreak of site infections uncovered last month..


A pair of researchers are reporting that the 'Fribet' Trojan has spread among users by embedding itself in pro-Tibet websites by way of an SQL injection and then exploiting a browser vulnerability to remotely install and execute.

McAfee researchers Shinsuke Honjo and Geok Meng Ong reported on a company blog posting that the Trojan not only gives the attacker the ability to remotely control and perform installations on infected PCs, but it also provides the ability to receive SQL instructions.

This, the researchers say, can allow the attacker to use infected machines to host other web exploits.

"This Trojan apparently can be used as an alternate to SQL Injection attacks, but in a more direct way," they wrote.

"Even the administrators of secure websites, protected against common SQL injection attacks, should ensure database backends are equally secure to defend against such a penetration vector."

There are, however, some mitigating factors. At the time of the posting, the server that the infected machines connected to was not active, so computers running the Trojan were not being sent commands.

The researchers also noted that in order to host web exploits on a machine, an attacker would need extensive information on a machine's network configuration and user credentials. Researchers do, however, believe that such information could be obtained through Fribet's info-stealing components.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attackidentifiedsecuritytibettrojan

Related Articles

  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
  • Meta accuses NSO Group of violating court order by WhatsApp spear phishing Meta accuses NSO Group of violating court order by WhatsApp spear phishing
  • Researchers build self-replicating AI worm with BYO LLM Researchers build self-replicating AI worm with BYO LLM
Join our WhatsApp Channel

Partner Content

Scalable AI solutions: secure delivery
Scalable AI solutions: secure delivery
From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
Partner Content Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026
CommBank creates opportunities for technologists to upskill with frontier AI companies
Partner Content CommBank creates opportunities for technologists to upskill with frontier AI companies

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
  • Security Exhibition & Conference Security Exhibition & Conference
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.