14 DAY TRIAL // With the aid of its in-the-cloud security tool named SecureBrowsing, Finjan has discovered that sites belonging to the Government, NHS, and numerous respectable businesses have been compromised, the total number of such sites detected this month alone exceeding the 1,000 mark.
It seems that a massive attack has been launched on the Internet at the beginning of May, to which vulnerable sites have fallen victim. Finjan has identified the tool used by the hackers as Asprox, which became popular back in 2007.
"The attack toolkit is designed to first search Google for webpages with the file extension [.asp] and then launch SQL injection attacks to append a reference to the malware file using the SCRIPT tag," says Ayelet Heyman.
Out of the 1,000+ unique sites that have been infected, 13% were Government pages and 12% belonged to the Health Care system. Here are some examples of institutions that had their official web page compromised: Marysville PD; the Bahia, Brazil Department of Culture and Tourism; the City of San Francisco; the UK NHS (National Health Service); Coca Cola Brazil; the University of California, and so on.
It must be stated that some of the infection has been dealt with in part of the examples presented above, but there are still numerous other sites that continue to spread malware.
Yuval Ben-Itzhak, Chief Technical Officer with Finjan Israel, comments: "Since the list of these malware serving domains increases every day, we believe this is just the tip of the iceberg for the scope and impact of this attack. Among the compromised websites we found were those of respectable organizations, governmental institutes, healthcare organizations as well as high-ranked websites. It shows again the resourcefulness and flexibility of cybercriminals. It requires proactive security solutions to safeguard organizations against these kinds of mass Web attacks."