1,000 web domains compromised this month, says Finjan

Secure web gateway systems developer Finjan detected the attacks using its SecureBrowsing in-the-cloud security tool. Yuval Ben-Itzhak, CTO of Finjan, says the toolkit being used by the attackers is aliased Asprox, and has been around for some years, gaining cybercrime popularity during 2007. It’s designed to first search Google for webpages with the file extension .asp. Once found, it launches SQL Injection attacks to append a reference to the malware file, using the iframe tag, making it extremely efficient. Each of the compromised domains included a reference to a malware that was served by more than 140 different domains across the Internet. “Since the list of these malware serving domains increases every day, we believe this is just the tip of the iceberg for the scope and impact of this attack,” says Ben-Itzhak. “Among the compromised websites we found were those of respectable organisations, governmental institutes, healthcare organisations, as well as high-ranked websites… It requires proactive security solutions to safeguard organisations against these kinds of mass web attacks.”