JavaScript toolkit hit 10,000 websites in December: Finjan

More than 10,000 trusted websites were infected last month by the random js toolkit, elusive crimeware designed to send victims' personal information to attackers via the web, according to Finjan.

Yuval Ben-Itzhak, Finjan chief technology officer, said today that the toolkit uses three different methods of obfuscation to avoid detection and is simple to use.

“It's a very successful model. You no longer have to be a computer expert or have computer-science skills. You can pay $100 and have it put on a server you've already compromised,” he told today. “[The toolkits] have online reporting and they have automatic updates, so if Microsoft pushes a patch, they can make an adjustment.”

The toolkit targets users by embedding dynamic malicious script into the websites themselves. About 80 percent of pages hosting malicious software or drive-by downloads in 2007 were part of legitimate sites, according to Finjan.

The embedded malicious code does not appear on the trusted site after an end-user's first visit, making the malware difficult to track, according to researchers at the San Jose, Calif.-based anti-virus vendor.

Two months ago, researchers at Exploit Prevention Labs, now a part of Grisoft, discovered malicious banner ads on the websites of Major League Baseball and the National Hockey League.

Finjan last week warned end-users that cybercriminals are on the verge of creating trojans designed specifically to take advantage of Web 2.0 technologies and social networking websites.

Ben-Itzhak said the toolkit is still serving malware to unsuspecting end-users.

“It's still active. We first noticed it in mid-December and our servers indicated it's still alive and kicking,” he said. “It was serving as much as 14 million banners a week and almost all of them were malicious.”
