
Asprox Virus


 

Cyber-criminals have attacked key government and consumer websites, allowing them to steal the personal details of anyone browsing the sites, The Times has learnt.

 

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

 

Experts described the Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.

 

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.

 

It is not known how many people are affected by the virus, but security experts estimate that it has spread to at least two million computers worldwide.

 

Detective Constable Bob Burls, of the Metropolitan Police computer crime unit, said that there had been a sudden rise in infection rates. “The virus got into the job pages of a local council’s internet page,” he said. “It’s a new thing that people who visit mainstream websites are clobbered.”

 

Such incidents have only come to light after people have found money removed from their bank accounts or other personal data frauds.

 

“We’ve dealt with two major websites in as many weeks,” he said.

 

Ben Taylor, an engineer from South London, had £560 fraudulently taken from his bank account this month. After reporting the theft he installed an anti-virus system, which identified “SQL malware” embedded on his computer — technology associated with Asprox. “I only use the internet a few times a week and didn’t look at anything dodgy,” he said. “It’s scary to think that a criminal was controlling my computer. I’ve got rid of it now.”

 

Last week, Asprox infected a website managed by the Norfolk NHS, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three day period.

 

And visitors to Nigella Lawson’s website last week were in danger of picking up something less palatable than a recipe for goose-fat potatoes. A spokesman for Ms Lawson said that the virus, which was installed on the website last Monday, was dealt with “instantly” and that nobody was infected.

 

Yuval Ben-Itzhak, chief technical officer of Finjan, an online security company who exposed the rapid growth of Asprox around the world, said: “This is a very serious threat.

 

“Five years ago when your computer got infected by a virus, you noticed immediately that your PC was broken. These days, you don’t notice anything. This is exactly what the hacker wants. It gives him complete control over the infected machine.”

 

Once installed on a personal computer, the Asprox virus allows a hacker to steal files, e-mails and passwords. It can also be used to infect other computers and even make attacks against companies and foreign governments.

 

Any computer without up-to-date anti-virus software is vulnerable. But only around half of current anti-virus programmes can detect Asprox, Mr Ben-Itzhak said.

 

In the US, the virus has successfully penetrated mainstream sites belonging to Sony’s Playstation, the city of San Francisco and Snapple.

 

A spokeswoman for Apacs, the payments organisation, said: “There is a responsibility on website owners to ensure that they have sufficient security software installed so that criminals are not able to easily compromise their sites.

 

“This combined with users not downloading any pop-ups, or falling into any other traps such as those, does considerably reduce the chance of a criminal being able to infect their PC with malware.”

 

The breach comes as losses through online fraud, partly caused by hackers stealing personal data through viruses, increased by 37 percent with losses on cards issued in Britain amounting to £144 million compared with £100 million in 2000.

 

--------------------------------------------------------------------------------------------------------------------------

My advice (Dekusvamp):

Follow the manual:

 

Asprox manual removal:

 

Kill processes:

aspimgr.exe

 

 

Delete registry values:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\sft

 

 

Delete files:

aspimgr.exe, _check32.bat, ws386.ini

 

 

Misc:

Asprox uses TCP ports 80 and 82.

 

Exact file location:

ws386.ini - C:\WINDOWS or C:\WINNT

aspimgr.exe - C:\WINDOWS\System32 or C:\WINNT\System32

_check32.bat - C:\Documents and Settings\[Current User]\Local Settings\Temp

 

Comment:

If you ever visit Symantec's site, don't follow their description.

They say that "It uses your computer as a proxy", they just forgot to say that it steals all information, spreads, and it uses your computer to hack other people. Grats Symantec. I would believe Symantec made the virus.

 

Source(s): http://
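
The indicators listed in the post above, turned into a read-only check. This is an added example, not part of the original post; the function name `Get-AsproxIndicator`, its parameters, and the use of `$env:TEMP` as the temp folder are assumptions.

```powershell
# Added example: reports the Asprox indicators named in the post; changes nothing.
function Get-AsproxIndicator {
    [CmdletBinding()]
    param(
        # Assumption: Windows directory and temp folders to inspect on this host.
        [string]$WinDir = $env:windir,
        [string[]]$TempDirs = @($env:TEMP)
    )

    # Process named in the post (Get-Process takes the name without ".exe").
    Get-Process -Name 'aspimgr' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Item = "aspimgr.exe (PID $($_.Id))" }
    }

    # Registry keys named in the post.
    $keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\aspimgr',
            'HKLM:\SOFTWARE\Microsoft\sft'
    foreach ($key in $keys) {
        if (Test-Path -Path $key) {
            [pscustomobject]@{ Type = 'Registry'; Item = $key }
        }
    }

    # Files named in the post, at the locations it gives.
    $files = @(
        (Join-Path $WinDir 'ws386.ini')
        (Join-Path $WinDir 'System32\aspimgr.exe')
    )
    $files += $TempDirs | ForEach-Object { Join-Path $_ '_check32.bat' }
    foreach ($file in $files) {
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Item = $file }
        }
    }

    # The post lists TCP ports 80 and 82. Port 80 is ordinary web traffic, so only
    # established connections to remote port 82 are reported, for manual review.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        Get-NetTCPConnection -RemotePort 82 -State Established -ErrorAction SilentlyContinue |
            ForEach-Object {
                $peer = "$($_.RemoteAddress):82 (owning PID $($_.OwningProcess))"
                [pscustomobject]@{ Type = 'Connection'; Item = $peer }
            }
    }
}

Get-AsproxIndicator | Format-Table -AutoSize
```

An empty result means none of the listed indicators were found on this host; a port 82 connection on its own is only a lead to check against the owning process.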


If you read the entire article properly, it says the virus has spread to the US as well. It hasn't infected as many computers here though, since the virus has been detected and we know about it in advance. Better make sure this site isn't vulnerable... >_>


kick ass virus in all ways possible


It's really bad :S I would recommend TrendMicro's RUBotted, though I don't know if it identifies Asprox, but it should. It does NOT detect most Storm bots.

 

Link upcoming...

 

There you go! http://www.trendsecure.com/portal/en-US/to..._tools/rubotted

Edited by dekusvamp
