Major Sites Fall Victim to Web Hijack

How to run a Google search to check if your site has been infected.

Security company Finjan Wednesday reported it has found more than 1,000 sites infected by an attack toolkit called "Asprox," which exploits discovered flaws in a vulnerable site's programming to add hidden attack code. The attack code in turn searches for flaws on a browser's PC, and if any such holes are found it will download malware onto the computer.

I wasn't struck by the number - these days, 1,000 sites unfortunately isn't that many - so much as by the list of sites that Finjan says were hacked. My own city's site, which I've visited many times to pay parking tickets and the like, was nailed (though it's now clean). Snapple took a hit, as did the National Health Service in the UK and a wide range of other sites.

As with a previous SQL injection round, you can check to see if your site has been infected by running a Google search. Before you do, let me repeat a warning I wrote then:

IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware.

This time around, you'll need to run these three different searches, as the attack is inserting different code into different sites. In each case, substitute your site's domain (ie. Pcworld.com) for "domain."

  • site:yourdomain "b.js"

  • site:yourdomain "ngg.js"

  • site:yourdomain "fgg.js"

    When I ran those searches just now I turned up plenty of still-infected sites, so again, be extremely careful about visiting any of them. If your site turns up in search results, contact your IT department or hosting provider immediately.

    Whether or not your site turns up, it's also a good idea to run the free Scrawlr tool from HP, which can check your site for the kind of vulnerabilities exploited by a SQL injection attack. It's quick and easy to download and run.

    Also, for your own computer's safety, it's critical to keep all your software - not just the browsers and the OS - up-to-date with patches. Finjan writes that this attack kit goes after flaws in QuickTime and the AOL SuperBuddy as well as Windows.

    For more on the assault, see Finjan's blog posting.

  • Join the newsletter!

    Or

    Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

    Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

    Error: Please check your email address.
    Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

    Erik Larkin

    PC World
    Show Comments

    Cool Tech

    Toys for Boys

    Family Friendly

    Stocking Stuffer

    SmartLens - Clip on Phone Camera Lens Set of 3

    Learn more >

    Christmas Gift Guide

    Click for more ›

    Brand Post

    Bitdefender 2019

    This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

    Most Popular Reviews

    Latest Articles

    Resources

    PCW Evaluation Team

    Aysha Strobbe

    Microsoft Office 365/HP Spectre x360

    Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

    Michael Hargreaves

    Microsoft Office 365/Dell XPS 15 2-in-1

    I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

    Maryellen Rose George

    Brother PT-P750W

    It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

    Cathy Giles

    Brother MFC-L8900CDW

    The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

    Luke Hill

    MSI GT75 TITAN

    I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

    Emily Tyson

    MSI GE63 Raider

    If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

    Featured Content

    Product Launch Showcase

    Don’t have an account? Sign up here

    Don't have an account? Sign up now

    Forgot password?