Asprox computer virus infects key government and consumer websites

by liamssoft | July 23, 2008 at 08:40 am | 537 views | 11 comments

More alarming news on the loss of personal details from Government internet sites is unfolding...

Eastern European hackers are suspected of placing the Asprox virus on more than a thousand British websites, including those run by the NHS and a local council, in the past two weeks.

Experts described the Trojan.Asprox virus as an alarming departure from commonplace viruses, which tend to be spread through rogue e-mails and unregulated websites.

Unlike other viruses, Asprox sits undetected on mainstream sites, with any visitor at risk of being infected. The virus automatically installs itself on a visitor's computer, allowing a hacker to access financial information.

Last week, Asprox infected the Norfolk NHS website, used by thousands of people a day. Hackney Council’s website was one of 12 local council websites also compromised, meaning that anyone logging on to pay a parking ticket or council tax was at risk over a three-day period.

If the file Aspimgr.exe is present at C:\Windows\System32\Aspimgr.exe, then you have been infected. ASPIMGR.EXE can also use the following file names:

Source: http://www.prevx.com/filenames/X1036090107530765412-X1/ASPIMGR.EXE.html

PEP
good stuff:

liamssoft, I like this story. It's good stuff.

liamssoft

Many thanks PEP:



comoms
good stuff:

liamssoft, Good Stuff. This is an important story. There are rumors of possible hacking attacks in the US DNS system in the next few days. I'll keep an eye out.

liamssoft

Many thanks comoms, time to be vigilant.

amyjudd
good stuff:

liamssoft, I like this story. It's good stuff.

It's all a bit confusing for me, but this is an important story - thank you for posting it.

liamssoft

Many thanks amyjudd, you will see more headlines concerning SQL Injection, and for further understanding Microsoft have the explanation advisory, and from HP, Finding SQL Injection with Scrawlr.

René

Oh, puhleese tell us that NP is not infected!

René
good stuff:

liamssoft, this is not good news, but thanks for the heads-up. I am so glad I use a Mac and all my websites are on Linux servers. And no Windows partition on my Mac, and never use my IE browser.

liamssoft

Many thanks René, as far as I am aware NP is not affected.
OpenDNS is a free service which gives you more security and customisable filtering.

thebeanieman

This virus took my site offline for 3 weeks and I had to seek an internet security company to fix my site.

It cost me £50 but well worth it after the hassle I have had!!

Hope this helps others:
http://www.firestorm-online.com/trojans/asprox/

liamssoft

Many thanks thebeanieman (not verified)
