Websense Security Labs researchers have caught a somewhat rare insight into an interface used by an attacker to control infected systems in a bot network.

Websense discovered the new malicious Web sites yesterday, using the company's ThreatSeeker technology. The sites are designed to install Trojan horse bots that seek out banking credentials for more than 50 financial institutions and e-commerce sites from infected machines.

The sites, hosted in Germany, England and Estonia, resolve to five unique IP addresses, apparently by use of a round-robin DNS. All of the sites host the same exploit code, which tries to get into systems via the Microsoft AdoDB/XML HTTP flaw. That flaw was fixed in Microsoft's MS06-014 bulletin in April 2006.

The link for this article located at eweek is no longer available.