More than 10,000 trusted websites were infected last month by the random js toolkit, elusive crimeware designed to send victims’ personal information to attackers via the web, according to Finjan.
Yuval Ben-Itzhak, Finjan chief technology officer, said today that the toolkit uses three different methods of obfuscation to avoid detection and is simple to use.
“It’s a very successful model. You no longer have to be a computer expert or have computer-science skills. You can pay $100 and have it put on a server you’ve already compromised,” he told SCMagazineUS.com today. “[The toolkits] have online reporting and they have automatic updates, so if Microsoft pushes a patch, they can make an adjustment.”
The toolkit targets users by embedding dynamic malicious script into the websites themselves. About 80 percent of pages hosting malicious software or drive-by downloads in 2007 were part of legitimate sites, according to Finjan.
The embedded malicious code no longer appears on the trusted site after an end-user’s first visit, making the malware difficult to track, according to researchers at the San Jose, Calif.-based anti-virus vendor.
Ben-Itzhak said the toolkit is still serving malware to unsuspecting end-users.
“It’s still active. We first noticed it in mid-December and our servers indicated it’s still alive and kicking,” he said. “It was serving as much as 14 million banners a week and almost all of them were malicious.”