留法台灣同學會-解悶來法國 » 網路世界無遠弗屆 » 最新木馬 Asprox computer virus infects key government and consumer websites

頁: [1]

lpbm2008-7-24 10:43 PM
最新木馬 Asprox computer virus infects key government and consumer websites

[size=4][b]Asprox computer virus infects key government and consumer websites[/b][/size]

From The TimesJuly 23, 2008
Alexi Mostrous

[url]http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article4381034.ece[/url]


Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Experts described the Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.


It is not known how many people are affected by the virus, but security experts estimate that it has spread to at least two million computers worldwide.

Detective Constable Bob Burls, of the Metropolitan Police computer crime unit, said that there had been a sudden rise in infection rates. “The virus got into the job pages of a local council’s internet page,” he said. “It’s a new thing that people who visit mainstream websites are clobbered.”

Such incidents have only come to light after people have found money removed from their bank accounts or other personal data frauds.

“We’ve dealt with two major websites in as many weeks,” he said.

Ben Taylor, an engineer from South London, had £560 fraudulently taken from his bank account this month. After reporting the theft he installed an anti-virus system, which identified “SQL malware” embedded on his computer — technology associated with Asprox. “I only use the internet a few times a week and didn’t look at anything dodgy,” he said. “It’s scary to think that a criminal was controlling my computer. I’ve got rid of it now.”

Last week, Asprox infected a website managed by the Norfolk NHS, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three day period.

And visitors to Nigella Lawson’s website last week were in danger of picking up something less palatable than a recipe for goose-fat potatoes. A spokesman for Ms Lawson said that the virus, which was installed on the website last Monday, was dealt with “instantly” and that nobody was infected.

Yuval Ben-Itzhak, chief technical officer of Finjan, an online security company who exposed the rapid growth of Asprox around the world, said: “This is very serious threat.

“Five years ago when your computer got infected by a virus, you noticed immediately that your PC was broken. These days, you don’t notice anything. This is exactly what the hacker wants. It gives him complete control over the infected machine.”

Once installed on a personal computer, the Asprox virus allows a hacker to steal files, e-mails and passwords. It can also be used to infect other computers and even make attacks against companies and foreign governments.

Any computer without up-to-date anti-virus software is vulnerable. But only around half of current anti-virus programmes can detect Asprox, Mr Ben-Itzhak said.

In the US, the virus has successfully penetrated mainstream sites belonging to Sony’s Playstation, the city of San Francisco and Snapple.

A spokeswoman for Apacs, the payments organisation, said: “There is a responsibility on website owners to ensure that they have sufficient security software installed so that criminals are not able to easily compromise their sites.

“This combined with users not downloading any pop-ups, or falling into any other traps such as those, does considerably reduce the chance of a criminal being able to infect their PC with malware.”

The breach comes as losses through online fraud, partly caused by hackers stealing personal data through virus, increased by 37 percent with losses on cards issued in Britain amounting to £144 million compared with £100 million in 2000.

lpbm2008-7-24 10:44 PM
------------------------------------------
[url]http://tw.news.yahoo.com/article/url/d/a/080724/78/13t1f.html[/url]

〔編譯陳成良綜合報導〕英國泰晤士報二十三日報導,近兩週來,一種疑似由東歐駭客開發的Asprox木馬病毒大舉進攻英國政府及消費者網站,英國已有一千多個網站淪陷,任何人只要瀏覽這些網站,其電腦就會遭感染,可能導致個人資料遭竊。目前還不知道究竟有多少電腦被感染,但安全專家估計,這種病毒至少已經擴散到全世界兩百萬台電腦上。


專家指出,Asprox與一般透過詐欺電郵及非法網站散播的木馬病毒大不相同,令人憂心。Asprox能潛伏在主流網站上而不被察覺,只要有人造訪這些網站,Asprox就會自動安裝到訪客的電腦上,讓駭客存取他們的金融資料。


報導指出,每天有數千人次造訪的諾福克郡「國民醫療保健系統」(NHS)網站,上週遭Asprox感染,另外還有十二個地方市議會的網站也遭其毒手。這表示過去幾天登入這些網站的民眾,個人資料都可能遭到駭客盜取。


這種病毒自動安裝在網站訪客的電腦上後,駭客就可以竊取電腦中的檔案、電子郵件及密碼,甚至攻擊企業或外國政府網站。沒有安裝最新防毒軟體的電腦,都可能遭Asprox入侵。但安全專家指出,既有的防毒軟體只有約半數能偵測到這種木馬病毒。

[[i] Last edited by lpbm on 2008-7-24 at 11:45 PM [/i]]


查看完整版本: 最新木馬 Asprox computer virus infects key government and consumer websites


Powered by Discuz! Archiver 2.5 Deluxe  © 2001-2005 Comsenz Technology Ltd
Processed in 0.024693 second(s), 2 queries