The Times [of London] are reporting, 23 July 2008, that a new trojan is now making waves in the UK, having already hit US sites:
Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks. […] Last week, Asprox infected the Norfolk NHS website, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three day period. […] In the US, the virus has successfully penetrated mainstream sites belonging to Sony’s Playstation, the city of San Francisco and Snapple.
Asprox is an automated SQL injection attack that uses Google to find vulnerable sites and then injects an IFRAME which links to the malware file payload (“aspimgr.exe”). Of course, as The Times failed to report, the malware only infects Microsoft Windows computers – and what details could be found indicate that the injected attack code targets pages created as ASP.
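Since the attack leaves an injected IFRAME in content the site then serves, one defensive check is to scan the text that feeds the ASP pages for iframes pointing at hosts the site does not normally frame. The following is an added example, not code from the original post or from any vendor; the allowlist, hostnames, row labels and the hidden-frame heuristic are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately frames. All names are constructed.
ALLOWED_HOSTS = {"www.council.example", "maps.partner.example"}

# Constructed sample: text pulled from database columns that feed ASP pages.
SAMPLE_ROWS = {
    "news.title#17": 'Bin collection changes<iframe src="http://payload-host.example/b" width=0 height=0></iframe>',
    "pages.body#3": '<p>Find us</p><iframe src="https://maps.partner.example/embed?id=1" width="400" height="300"></iframe>',
    "pages.body#9": '<p>Pay online</p><IFRAME SRC="//payload-host.example/x" style="display: none"></IFRAME>',
    "pages.body#12": '<iframe src="/help/faq.asp"></iframe>',
}

def looks_hidden(attrs):
    """Heuristic (assumption): zero/one-pixel or CSS-hidden frames."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = any(attrs.get(k, "").strip() in {"0", "1"} for k in ("width", "height"))
    return tiny or "display:none" in style or "visibility:hidden" in style

class FrameFinder(HTMLParser):
    """Collects (host, hidden) for each iframe framing a non-allowlisted host."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {name: (value or "") for name, value in attrs}
        # hostname is None for relative URLs, so same-site frames are skipped
        host = urlparse(a.get("src", "").strip()).hostname
        if host and host not in self.allowed:
            self.hits.append((host, looks_hidden(a)))

def scan(rows, allowed=ALLOWED_HOSTS):
    """Return (location, host, hidden) for every off-site iframe found."""
    findings = []
    for location, text in sorted(rows.items()):
        finder = FrameFinder(allowed)
        finder.feed(text)
        finder.close()
        findings.extend((location, host, hidden) for host, hidden in finder.hits)
    return findings

if __name__ == "__main__":
    for location, host, hidden in scan(SAMPLE_ROWS):
        print(f"{location}: iframe -> {host} (hidden={hidden})")
```

A finding only says where unexpected markup sits; removing it without fixing the injectable query leaves the site open to being reinfected by the next automated pass.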
The Register gives some information, apparently from the same source. The security consultant mentioned claims that only half of current AV applications can catch Asprox, though VirusTotal reports a slightly better detection rate of 21/32 (giving details of variants and their names). As Avast seems very popular on Slashdot, you might like to see details from an Avast forum post concerning users who’ve acquired the trojan since June 2008.