Saturday, July 26, 2008

Asprox computer virus infects govt and consumer websites


Alexi Mostrous

The Times

July 23, 2008


Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Experts described the Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.

It is not known how many people are affected by the virus, but security experts estimate that it has spread to at least two million computers worldwide.

Detective Constable Bob Burls, of the Metropolitan Police computer crime unit, said that there had been a sudden rise in infection rates. “The virus got into the job pages of a local council’s internet page,” he said. “It’s a new thing that people who visit mainstream websites are clobbered.”

Such incidents have only come to light after people have found money removed from their bank accounts or discovered other personal data frauds.

“We’ve dealt with two major websites in as many weeks,” he said.

Ben Taylor, an engineer from South London, had £560 fraudulently taken from his bank account this month. After reporting the theft he installed an anti-virus system, which identified “SQL malware” embedded on his computer — technology associated with Asprox. “I only use the internet a few times a week and didn’t look at anything dodgy,” he said. “It’s scary to think that a criminal was controlling my computer. I’ve got rid of it now.”

Last week, Asprox infected a website managed by the Norfolk NHS, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three-day period.

And visitors to Nigella Lawson’s website last week were in danger of picking up something less palatable than a recipe for goose-fat potatoes. A spokesman for Ms Lawson said that the virus, which was installed on the website last Monday, was dealt with “instantly” and that nobody was infected.

Yuval Ben-Itzhak, chief technical officer of Finjan, an online security company that exposed the rapid growth of Asprox around the world, said: “This is a very serious threat.

“Five years ago when your computer got infected by a virus, you noticed immediately that your PC was broken. These days, you don’t notice anything. This is exactly what the hacker wants. It gives him complete control over the infected machine.”

Once installed on a personal computer, the Asprox virus allows a hacker to steal files, e-mails and passwords. It can also be used to infect other computers and even make attacks against companies and foreign governments.

Any computer without up-to-date anti-virus software is vulnerable. But only around half of current anti-virus programmes can detect Asprox, Mr Ben-Itzhak said.

In the US, the virus has successfully penetrated mainstream sites belonging to Sony’s Playstation, the city of San Francisco and Snapple.

A spokeswoman for Apacs, the payments organisation, said: “There is a responsibility on website owners to ensure that they have sufficient security software installed so that criminals are not able to easily compromise their sites.

“This combined with users not downloading any pop-ups, or falling into any other traps such as those, does considerably reduce the chance of a criminal being able to infect their PC with malware.”

The breach comes as losses through online fraud, partly caused by hackers stealing personal data through viruses, increased by 37 percent, with losses on cards issued in Britain amounting to £144 million compared with £100 million in 2000.
