Investigative journalist Brian Krebs has uncovered an unusual botnet that forces infected PCs to scour websites for security vulnerabilities that can cough up proprietary data or be exploited in drive-by malware attacks.

The botnet, dubbed "Advanced Power" by its operators, has discovered at least 1,800 webpages vulnerable to SQL injection attacks since May, Krebs reported in a post published Monday. SQL injection attacks exploit weaknesses in Web applications that allow attackers to send powerful commands to a website's backend databases. From there, attackers can download login credentials or other database contents, or cause sites to post links that silently redirect visitors to malicious websites.

Advanced Power masquerades as a legitimate add-on for Mozilla's Firefox browser. Once installed, it looks for vulnerabilities on sites visited by the infected machine. Krebs wrote:

Although this malware does include a component designed to steal passwords and other sensitive information from infected machines, this feature does not appear to have been activated on the infected hosts. Rather, the purpose of this botnet seems to be using the compromised Windows desktops as a distributed scanning platform for finding exploitable Web sites. According to the botnet’s administrative panel, more than 12,500 PCs have been infected, and these bots in turn have helped to discover at least 1,800 Web pages that are vulnerable to SQL injection attacks.

It's not yet clear how initial infections take place. One possibility is that users are tricked into installing what they believe is a legitimate and non-malicious component or application. On infected systems with Mozilla Firefox installed, the bot malware installs a bogus browser plugin called "Microsoft .NET Framework Assistant." The malicious add-on appears to have no relation to the legitimate add-on of the same name.

Update: In an e-mail, a Mozilla representative said the malicious add-on is no longer available.

"We have disabled the fraudulent 'Microsoft .NET Framework Assistant' add-on used by 'Advanced Power' as part of its attack," the e-mail stated. "You should always be careful with anything you download. It's a good idea to use many layers of protection, including antivirus software to stop malware."