Wednesday, July 23, 2008

New Type of Computer Virus

Asprox computer virus infects key government and consumer websites

Well, you thought you were safe if you did not visit smut sites... Ah ah... now we are in trouble.

"Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.
Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.
Experts described the Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.
Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information."

http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article4381034.ece
http://www.finjan.com/Pressrelease.aspx?id=2003&PressLan=1819&lan=3

JUST MAKE SURE YOU HAVE SOPHOS AND IT'S UP TO DATE.

If you use SQL as your database then you need to check all your systems: the Asprox botnet uses a SQL-injection attack tool to hack websites and add yet more hijacked PCs to its army.

To remove it:

Asprox manual removal:

Kill processes: aspimgr.exe

Delete registry values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\sft

Delete files: aspimgr.exe, _check32.bat, ws386.ini

Misc: Asprox uses TCP ports 80 and 82.

Exact file location:
ws386.ini - C:\WINDOWS or C:\WINNT
aspimgr.exe - C:\WINDOWS\System32 or C:\WINNT\System32
_check32.bat - C:\Documents and Settings\[Current User]\Local Settings\Temp
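
A report-only check for the indicators in the removal steps above, written as an added PowerShell example that is not part of the original post. It assumes PowerShell 3.0 or later; the variable names are illustrative, and the port 82 check is only a hint, since other software can use that port.

```powershell
# Added example: report-only check for the Asprox indicators listed in this post.
# Nothing is changed or deleted. Run from an elevated prompt.
$findings = @()

# Process named in the post (Get-Process takes the name without ".exe").
foreach ($p in @(Get-Process -Name 'aspimgr' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "aspimgr.exe (PID $($p.Id))" }
}

# Registry locations named in the post.
$regKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\aspimgr',
    'HKLM:\SOFTWARE\Microsoft\sft'
)
foreach ($key in $regKeys) {
    if (Test-Path -Path $key) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Item = $key }
    }
}

# File locations from the post. $env:SystemRoot covers both C:\WINDOWS and
# C:\WINNT; the wildcard checks the Temp folder of every user profile.
$filePatterns = @(
    (Join-Path $env:SystemRoot 'ws386.ini'),
    (Join-Path $env:SystemRoot 'System32\aspimgr.exe'),
    (Join-Path $env:SystemDrive 'Documents and Settings\*\Local Settings\Temp\_check32.bat')
)
foreach ($pattern in $filePatterns) {
    # -Force includes hidden and system files.
    foreach ($f in @(Get-Item -Path $pattern -Force -ErrorAction SilentlyContinue)) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $f.FullName }
    }
}

# The post says Asprox uses TCP ports 80 and 82. Port 80 is ordinary web
# traffic, so only port 82 endpoints are listed, with the owning PID.
foreach ($line in @(netstat -ano -p tcp | Select-String -Pattern ':82\s')) {
    $findings += [pscustomobject]@{ Type = 'TCP port 82'; Item = $line.Line.Trim() }
}

if ($findings.Count -eq 0) {
    'None of the Asprox indicators from the post were found.'
} else {
    $findings | Format-Table -AutoSize
}
```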
