JavaScript toolkit hit 10,000 websites in December: Finjan

More than 10,000 trusted websites were infected last month by the random js toolkit, elusive crimeware designed to send victims' personal information to attackers via the web, according to Finjan.

Yuval Ben-Itzhak, Finjan chief technology officer, said today that the toolkit uses three different methods of obfuscation to avoid detection and is simple to use.

“It's a very successful model. You no longer have to be a computer expert or have computer-science skills. You can pay $100 and have it put on a server you've already compromised,” he told SCMagazineUS.com today. “[The toolkits] have online reporting and they have automatic updates, so if Microsoft pushes a patch, they can make an adjustment.”

The toolkit targets users by embedding dynamic malicious script into the websites themselves. About 80 percent of pages hosting malicious software or drive-by downloads in 2007 were part of legitimate sites, according to Finjan.

The embedded malicious code does not appear on the trusted site after an end-user's first visit, making the malware difficult to track, according to researchers at the San Jose, Calif.-based anti-virus vendor.

Two months ago, researchers at Exploit Prevention Labs, now a part of Grisoft, discovered malicious banner ads on the websites of Major League Baseball and the National Hockey League.

Finjan last week warned end-users that cybercriminals are on the verge of creating trojans designed specifically to take advantage of Web 2.0 technologies and social networking websites.

Ben-Itzhak said the toolkit is still serving malware to unsuspecting end-users.

“It's still active. We first noticed it in mid-December and our servers indicated it's still alive and kicking,” he said. “It was serving as much as 14 million banners a week and almost all of them were malicious.”
