New round of mass Web attacks

Published 17 July 2008

The attack toolkit aliased as Asprox is still doing damage to Web sites; the kit launches SQL injection attacks that append a reference to the malware file using the script tag, which makes it an efficient crimeware tool.

SecureBrowsing, an in-the-cloud security tool from San Jose, California-based Finjan, detected more than 1,000 unique Web site domains that were compromised by a new round of mass Web attacks that started during May 2008. The toolkit used by the attackers is aliased “Asprox”; it has been around for some years and gained popularity among cybercriminals during 2007. The toolkit is designed first to search Google for Web pages with the file extension [.asp]. Once it finds such pages, it launches SQL injection attacks that append a reference to the malware file using the script tag, which makes it an efficient crimeware tool. Each of the compromised domains included a reference to malware that was served by more than 160 different domains across the Internet. Finjan says its research indicates that the malicious code is still being served by most of the Web sites and that the Asprox toolkit was still in use as of 13 July 2008.
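Because the injection leaves a script tag appended to stored content, a site owner can look for it in the database's text fields. The following is an added example, not code from Finjan or from the article; the table names, column names and hosts are constructed placeholders, and the allowlist is an assumption about which script hosts the site legitimately uses.

```python
import re
from urllib.parse import urlparse

# <script ... src=...> in any letter case, with a quoted or unquoted value.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE,
)

def external_script_hosts(value, allowed_hosts):
    """Return hosts of script references in a stored value that are not allowlisted."""
    hits = []
    for m in SCRIPT_SRC.finditer(value or ""):
        src = next(g for g in m.groups() if g is not None)
        # hostname is None for relative paths (same site); it is set for
        # absolute and protocol-relative (//host/x.js) references.
        host = urlparse(src.strip()).hostname
        if host and host not in allowed_hosts:
            hits.append(host)
    return hits

def scan_rows(rows, allowed_hosts):
    """rows: iterable of (table, column, primary_key, text_value) tuples."""
    findings = []
    for table, column, pk, value in rows:
        for host in external_script_hosts(value, allowed_hosts):
            findings.append((table, column, pk, host))
    return findings

# Constructed sample data: two rows carry an appended off-site script tag.
SAMPLE_ROWS = [
    ("products", "description", 1, "Blue kettle, 1.7 l"),
    ("products", "description", 2,
     'Toaster<script src="http://injected.example/b.js"></script>'),
    ("news", "title", 7,
     "Summer sale<SCRIPT SRC=//injected.example/b.js></SCRIPT>"),
    ("pages", "body", 3,
     '<script src="/js/site.js"></script>'
     '<script src="https://static.shop.example/a.js"></script>'),
]
ALLOWED = {"static.shop.example"}  # assumed legitimate script host

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS, ALLOWED):
        print("off-site script reference:", finding)
```

Cleaning the flagged rows does not close the injectable query that let the tag in, so the references can reappear until that query is fixed.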

The findings contain examples of compromised Web sites of organizations and businesses in the following categories:

* Shopping/Lifestyle (15 percent)
* Computing and Internet (15 percent)
* Government (13 percent)
* Healthcare (12 percent)
* Advertisement (13 percent)
* Other (32 percent)

The compromised Web sites were detected using Finjan’s patented active real-time code inspection technology. The findings are described in Finjan’s latest research blog.