Tuesday, 12 May 2015

Trojan Hides In Microsoft SQL Database


Researchers have discovered a Trojan horse that is downloaded not from a URL but through a Microsoft SQL database, Intel Security reports. The infection begins with an infected e-mail attachment that contains a downloader. Once the attachment is opened, the downloader retrieves the final malware.

Normally this is done via a URL, but the newly discovered downloader connects to a Microsoft SQL database instead. That makes it difficult for administrators to find out where the malware comes from. To fetch the Trojan horse, the downloader connects to the database, checks the correct table and downloads the malware via the response from the database.

VB.Net code showing the SQL query to download the payload.
In this case, it is a banking Trojan that steals money from Brazilian bank accounts. The malware can also steal login details for Facebook, email services and other websites where a password field is used. The Trojan also disables the G-Buster plug-in, which is meant to protect users during online banking. Furthermore, the malware takes screenshots of the online banking session. All information the malware steals is then stored in the Microsoft SQL database.
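
For defenders, the delivery path described above shows up on the network as a workstation opening a SQL Server session to an outside address. The Python below is an added example, not code from Intel Security or the original post; it flags such flows by the default MSSQL port and by the TDS pre-login header. The internal ranges, the approved-client list and the flow records (including the `first_bytes` field) are constructed assumptions.

```python
import ipaddress
import struct

TDS_PRELOGIN = 0x12  # first packet type a client sends when opening a SQL Server (TDS) session
MSSQL_DEFAULT_PORT = 1433
# Assumptions (constructed): internal ranges and hosts approved to reach external SQL Servers.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_SQL_CLIENTS = {"10.0.5.20"}

PRELOGIN = bytes.fromhex("1201002f00000100") + b"\x00" * 39  # constructed 47-byte pre-login packet
SAMPLE_FLOWS = [  # constructed flow records; first_bytes = start of the client's first payload
    {"src": "10.0.1.15", "dst": "203.0.113.7", "dport": 1433, "first_bytes": PRELOGIN},
    {"src": "10.0.1.22", "dst": "198.51.100.9", "dport": 8443, "first_bytes": PRELOGIN},
    {"src": "10.0.1.15", "dst": "10.0.5.30", "dport": 1433, "first_bytes": PRELOGIN},
    {"src": "10.0.5.20", "dst": "203.0.113.7", "dport": 1433, "first_bytes": PRELOGIN},
    {"src": "10.0.1.30", "dst": "198.51.100.9", "dport": 443,
     "first_bytes": bytes.fromhex("16030100c8010000c4")},  # TLS ClientHello start, not TDS
]


def looks_like_tds_prelogin(payload: bytes) -> bool:
    """Match the 8-byte TDS header: type, status, length (big-endian), SPID, packet id, window."""
    if len(payload) < 8:
        return False
    ptype, status, length, _spid, _pkt_id, _window = struct.unpack(">BBHHBB", payload[:8])
    # The length field counts the header too, so a real packet declares more than 8 bytes.
    return ptype == TDS_PRELOGIN and (status & 0xF0) == 0 and length > 8


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def suspicious_sql_flows(flows):
    """Return (src, dst, dport, reasons) for SQL Server sessions leaving the network."""
    hits = []
    for f in flows:
        if is_internal(f["dst"]) or f["src"] in APPROVED_SQL_CLIENTS:
            continue  # internal database traffic and approved clients are expected
        reasons = []
        if f["dport"] == MSSQL_DEFAULT_PORT:
            reasons.append("default MSSQL port")
        if looks_like_tds_prelogin(f["first_bytes"]):
            reasons.append("TDS pre-login header")  # also catches non-standard ports
        if reasons:
            hits.append((f["src"], f["dst"], f["dport"], reasons))
    return hits


if __name__ == "__main__":
    for hit in suspicious_sql_flows(SAMPLE_FLOWS):
        print(hit)
```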
