Hi malware fighters,
As additional information to this thread: http://forum.avast.com/index.php?topic=27279.0 (thanks, Charley, for the heads-up), I present the following:
Jikto is a web application vulnerability scanner that silently audits public websites and sends the results to a third party. The software can be embedded on a hacker’s site, but can also be placed on trusted sites via cross-site scripting.
The major part of a hacking job is gathering information on a certain website. An attacker can have this task performed by a large number of users. As an added benefit for the victim, this does not lead to the malcreant’s identity, because the scanning is done by individuals who are unaware of the fact that they are infected with Jikto.
“Users have no defense against Jikto and other JavaScript-based threats” (so better install NoScript, my friends, says Polonus; maybe you have to configure it accordingly!). “I do not infect you with a Trojan or a backdoor. I won’t compromise your ’puter, and that makes all this so dangerous. Anti-virus won’t help you there,” says Hoffman, the developer of the zombie tool.
Jikto works by exploiting an XSS flaw on a given Web site and then silently installing itself on a user’s PC. It can then operate in one of two modes. In one mode, Jikto crawls a specific Web site in much the same way that a Web application scanner would, looking for common vulnerabilities such as XSS or SQL injection. It then reports the results to whatever machine is controlling it.
In the other mode, Jikto calls home to the controlling PC, tells it that it has installed itself on a new machine, and then awaits further instructions from the controller.
Jikto’s master controller has the ability to keep track of which infected machines are online and active at any given time, enabling an attacker to wait until a PC is idle before sending instructions to a bot. This could help the attacker avoid alerting the user of the infected machine to Jikto’s presence. All of this is done in pure JavaScript and, Hoffman said, helped along by the huge explosion in the number of AJAX-based applications on the Web in the last year or so. AJAX gives users—and attackers—direct access to the APIs in a Web application, which can be quite useful if you’re trying to send malicious commands to back-end applications.
What does the forum think about being the unknown victims of a “beneficial” or whatever zombie-ring?
polonus