Major Sites Fall Victim to Web Hijack

How to run a Google search to check if your site has been infected.

Security company Finjan reported Wednesday that it has found more than 1,000 sites infected by an attack toolkit called "Asprox," which exploits discovered flaws in a vulnerable site's programming to add hidden attack code. The attack code in turn searches for flaws on a visiting browser's PC, and if it finds any such holes it downloads malware onto the computer.

I wasn't struck by the number - these days, 1,000 sites unfortunately isn't that many - so much as by the list of sites that Finjan says were hacked. My own city's site, which I've visited many times to pay parking tickets and the like, was nailed (though it's now clean). Snapple took a hit, as did the National Health Service in the UK and a wide range of other sites.

As with a previous SQL injection round, you can check to see if your site has been infected by running a Google search. Before you do, let me repeat a warning I wrote then:

IMPORTANT: DO NOT visit the domain named in the following test, or any sites that show up on a Web search as having this domain listed in their pages' code (including cached pages). Doing so could infect your PC with malware.

This time around, you'll need to run three different searches, as the attack is inserting different code into different sites. In each case, substitute your site's domain for "yourdomain."

  • site:yourdomain "b.js"

  • site:yourdomain "ngg.js"

  • site:yourdomain "fgg.js"

When I ran those searches just now I turned up plenty of still-infected sites, so again, be extremely careful about visiting any of them. If your site turns up in search results, contact your IT department or hosting provider immediately.
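A local complement to the three searches above, added here as an example and not code from the article or from Finjan: it scans HTML saved from your own site (or exported from its database) for script tags whose file name is one of the three searched for and whose host is not your own. It assumes the inserted code takes the form of a `<script src=...>` reference; the sample page and the `yourdomain.example` and `injected.example` hosts are constructed.

```python
"""Scan saved HTML from your own site for the script names in the article's searches."""
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlparse

# File names taken from the three searches in the article.
SUSPECT_NAMES = {"b.js", "ngg.js", "fgg.js"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, quoted or unquoted."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def find_suspect_scripts(html, own_domain):
    """Return script URLs whose file name is suspect and whose host is not own_domain."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        parsed = urlparse(src)
        name = posixpath.basename(parsed.path).lower()
        host = (parsed.hostname or "").lower()
        # Relative URLs (no host) are the site's own files, as are its subdomains.
        foreign = bool(host) and host != own_domain and not host.endswith("." + own_domain)
        if name in SUSPECT_NAMES and foreign:
            hits.append(src)
    return hits


# Constructed sample page: a legitimate local b.js plus an assumed injected reference.
SAMPLE_PAGE = """
<html><body>
<script src="/static/b.js"></script>
<p>Welcome<script src=http://injected.example/NGG.js></script></p>
</body></html>
"""

if __name__ == "__main__":
    for url in find_suspect_scripts(SAMPLE_PAGE, "yourdomain.example"):
        print("suspect script:", url)
```

A match on the file name alone is only a lead, since a site can legitimately host its own `b.js`; that is why same-host and relative references are excluded.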

Whether or not your site turns up, it's also a good idea to run the free Scrawlr tool from HP, which can check your site for the kind of vulnerabilities exploited by a SQL injection attack. It's quick and easy to download and run.

Also, for your own computer's safety, it's critical to keep all your software - not just the browsers and the OS - up-to-date with patches. Finjan writes that this attack kit goes after flaws in QuickTime and the AOL SuperBuddy as well as Windows.

For more on the assault, see Finjan's blog posting.


Erik Larkin

PC World