Asprox computer virus infects key government and consumer websites

by liamssoft | July 23, 2008 at 04:40 am
783 views | 19 Recommendations | 11 comments

More alarming news on the loss of personal details from Government internet sites is unfolding...

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Experts described the Trojan.Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.

Last week, Asprox infected the Norfolk NHS website, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three-day period.

If Aspimgr.exe is present in C:\Windows\System32\Aspimgr.exe then you have been infected. ASPIMGR.EXE can also use the following file names:

Source: http://www.prevx.com/filenames/X1036090107530765412-X1/ASPIMGR.EXE.html

PEP
flagged this story as Good Stuff

at 05:24 on July 23rd, 2008

liamssoft, I like this story. It's good stuff.

1
liamssoft

Many thanks PEP:



comoms
flagged this story as Good Stuff

at 12:54 on July 23rd, 2008

liamssoft, Good Stuff. This is an important story. There are rumors of possible hacking attacks in the US DNS system in the next few days. I'll keep an eye out.

0
liamssoft

Many thanks comoms, time to be vigilant.

Amy Judd
flagged this story as Good Stuff

at 13:44 on July 23rd, 2008

liamssoft, I like this story. It's good stuff.

It's all a bit confusing for me, but this is an important story - thank you for posting it.

0
liamssoft

Many thanks amyjudd, you will see more headlines concerning SQL Injection, and for further understanding Microsoft have the explanation advisory, and from HP, Finding SQL Injection with Scrawlr.

0
René

Oh, puhleese tell us that NP is not infected!

René
flagged this story as Good Stuff

at 21:28 on July 23rd, 2008

liamssoft, this is not good news, but thanks for the heads-up. I am so glad I use a Mac and all my websites are on Linux servers. And no Windows partition on my Mac, and never use my IE browser.

0
liamssoft

Many thanks René, as far as I am aware NP is not affected.
OpenDNS is a free service which gives you more security and customisable filtering.

0
thebeanieman

This virus took my site offline for 3 weeks and I had to seek an internet security company to fix my site.

It cost me £50 but well worth it after the hassle I have had!!

Hope this helps others:
http://www.firestorm-online.com/trojans/asprox/

0
liamssoft

Many thanks thebeanieman (not verified)

This story was created over 3 months ago, the comment thread is now closed.
