Finjan Discovers Large Amount of Compromised Websites

Governmental, Healthcare, and Top Business Websites Victimized by a New Round of Mass Web Attacks

(24.07.08) - Finjan Inc. announced in its latest blog that its "SecureBrowsing" in-the-cloud security tool detected over 1,000 unique website domains that were compromised by a new round of mass Web attacks that started during July 2008.

The attack toolkit being used by the attackers is aliased "Asprox", and has been around for some years gaining cybercrime popularity during 2007. This attack toolkit is designed to first search Google for webpages with the file extension [.asp]. Once found, it launchesSQL injection attacks to append a reference to the malware file using the iframe tag, which makes it a highly efficient Crimeware tool.

Each of the compromised domains included a reference to a malware that was served by over 140 different domains across the Internet.

"Since the list of these malware serving domains increases every day, we believe this is just the tip of the iceberg for the scope and impact of this attack," said Yuval Ben-Itzhak, CTO of Finjan.

"Among the compromised websites we found were those of respectable organizations, govern-mental institutes, healthcare organizations as well as high-ranked websites. It shows again the resourcefulness and flexibility of cybercriminals. It requires proactive security solutions to safeguard organizations against these kinds of mass Web attacks."

Finjan’s research indicates that the malicious code is still being served by most of the websites and the "Asprox" toolkit is still in use at July 13, 2008.

Finjan’s findings contain examples of compromised websites of organizations and businesses in the following categories:

· Shopping/Lifestyle (15 percent)

· Computing and Internet (15 percent)

· Government (13 percent)

· Healthcare (12 percent)

· Advertisement (13 percent)

· Other (32 percent)

(Finjan: ma)