Wildcat 10 #133 Posted July 25, 2008

There has been a lot in the news about the Asprox Virus infecting Govt websites like the NHS and UK businesses.

http://technology.timesonline.co.uk/...cle4381034.ece

Only half of virus checkers are detecting it. Do any of the more technical forummers have any advice?

Grahame 10 #134 Posted July 25, 2008

The Asprox virus was first reported in 2007-06-08 15:09. So the Times report is a year late, surely they have it under control by now?

http://secunia.com/virus_information/38997/asprox/

Wildcat 10 #135 Posted July 25, 2008

> The Asprox virus was first reported in 2007-06-08 15:09. So the Times report is a year late, surely they have it under control by now? http://secunia.com/virus_information/38997/asprox/

Apparently in the last few months it has become 'an SQL injection vector for website attacks' - whatever that means.

http://www.scmagazineus.com/Asprox-botnet-malware-morphs/article/110169/

If you do a Google news search on asprox you will see there has been a lot of concern about the virus recently from reputable newspapers like the Times and Guardian.

ASPGuru 10 #136 Posted July 25, 2008

I've just had to sort a web site out that had been hit by this. Not one that I built, I should say.

ASPRox is an SQL Injection attack that adds data into any text fields it can find in any SQL Server database.

The data it adds is a JavaScript block that could then be displayed on any web pages that display the text from that database field. It pulls back a .js file (originally a.js, then b/js and currently ngg.js) from any one of about 10,000 different web sites. The payload of the .js file, I understand, varies.

As I understand it, ASPRox is not a virus itself, as that describes the attack on the web sites, although the .js payload could potentially load a virus or provide a link that you could click that loads a virus. The attack is most likely launched by a virus-ridden PC, so there is a trojan virus element to it.

To sort the web site I had two main tasks. First, review all the code and close the front door to prevent the SQL Injection - mostly through decent input validation.

Then I had to code a script to parse through the database looking for and cleaning out all the rogue script blocks. The site I worked on had 16,000+ fields that were infected, most with multiple script blocks, as the site had been getting hit by this multiple times a day since May at least.

The site is still being hit, but the SQL Injection is no longer working, so not causing any harm.

It could have been worse - the injection just added to the database. Bad enough, but it could so easily have been a delete command that was injected.

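The two clean-up tasks described in the post above, sketched as an added example (not ASPGuru's script and not part of the original thread): a sweep that strips external script blocks from every text column, and a lookup that binds user input as a parameter. It uses Python with an in-memory SQLite database as a stand-in for SQL Server; the `articles` table, the host `injected.example` and the function names are constructed for illustration, and it assumes no legitimate content stores `<script src=...>` tags in the database.

```python
import re
import sqlite3

# An external script block, e.g. <script src=http://host/ngg.js></script>
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*\bsrc\s*=[^>]*>\s*</script\s*>", re.I)

def strip_script_blocks(value):
    """Return (cleaned_text, blocks_removed) for one field value."""
    return SCRIPT_BLOCK.subn("", value)

def clean_database(conn):
    """Strip script blocks from every text column; return {(table, column): fields_cleaned}."""
    report = {}
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for _, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")').fetchall():
            if not any(t in ctype.upper() for t in ("TEXT", "CHAR")):
                continue  # numeric and date columns cannot hold the markup
            rows = conn.execute(
                f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
                ("%<script%",)).fetchall()
            for rowid, value in rows:
                cleaned, removed = strip_script_blocks(value)
                if removed:
                    conn.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                                 (cleaned, rowid))
                    report[(table, col)] = report.get((table, col), 0) + 1
    conn.commit()
    return report

def find_article(conn, title):
    """Front-door fix: the user-supplied value is bound, never concatenated into the SQL."""
    return conn.execute("SELECT id FROM articles WHERE title = ?", (title,)).fetchall()

def build_sample():
    """Constructed sample data: one infected row, one clean row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT, views INTEGER)")
    inj = "<script src=http://injected.example/ngg.js></script>"  # constructed host
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?, ?)", [
        (1, "Opening hours" + inj, "Mon-Fri 9-5" + inj + inj, 10),
        (2, "Contact", "Call us", 3),
    ])
    return conn

if __name__ == "__main__":
    db = build_sample()
    print(clean_database(db))
    print(db.execute("SELECT title, body FROM articles ORDER BY id").fetchall())
    print(find_article(db, "Contact' OR '1'='1"))
```

Running the sweep a second time returns an empty report, which is a quick way to confirm the front door is closed and nothing is being re-injected between runs.
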
Ms Macbeth 75 #137 Posted July 25, 2008

Mod note: The thread has been moved and closed.

If you receive a 'Life is beautiful' email, please don't forward it and perpetuate the spam.

Ghozer 112 #138 Posted July 30, 2008

Mod Note: Multiple threads merged to create Virus Mega thread

adaline 10 #139 Posted July 30, 2008

Why merge it with a hoax thread tho?

ScotDoc6537 10 #140 Posted September 8, 2008

Having received emails from UPS in the past and avoided the potential zip file risk, I was suspicious to receive today an email from unknown sender 'Minnie':

'Please find attached a statement of fees as requested, this will be posted today. The accommodation is dealt with by another section and I have passed your request on to them today. Kind regards. Minnie'

I have no knowledge of this sender or any request of mine.

I did NOT open the attached zip file.

The sender's email domain is bluelakecamp.com, which appears to be associated with a website for a Christian Retreat Centre in Andalusia, Alabama USA.

Anyone know if this is a recognised scam format?

HotPhil 10 #141 Posted September 8, 2008

Yep, scam.

http://www.technibble.com/forums/showpost.php?p=17411&postcount=1

Anything like that where the kind of response they're looking for is for you to reply to them and say they've made a mistake is suspicious.

esme 10 #142 Posted January 12, 2009

Looks like there's an Abbey National phishing email doing the rounds.

If you get this and open it, delete it without clicking on anything. There don't appear to be any tracking graphics or other malware in it, so you should be OK opening it, but I may have missed something, so if you haven't opened it just delete it.

It's from "[email protected]", title "Abbey Bank Security Update For New Year". Content is an HTML page with the following text:

> Abbey Bank Account Holder, We are running our early year security routing check on all Abbey National Bank account. This Requires proper rectification on previous transactions on record update details edited and recent changes made.
>
> To ensure a pre-modified security check,you are expexted to reveiw All previous records, updates, and details editted in previous months. Please click on the link below for immediate security check

Some graphics and links come from the Abbey National site so it looks authentic, but the immediate security check link goes to a page at "myuchallenge.net", registered in Hong Kong, and the return path of the mail goes to "mail.jasakonstruksi.net", which is in Indonesia somewhere.

This seems to be adopting the blunderbuss approach of sending it to everyone; I got it and I don't have an account with Abbey.

As a general rule, if you receive an email from a financial institution that is genuine they will not provide a link in the email for you to click on; they will tell you to go to their website and log in. Also, they won't send one to you if you don't have an account with them.

simonj 10 #143 Posted January 12, 2009

> As a general rule if you receive an email from a financial institution that is genuine they will not provide a link in the email for you to click on, they will tell you to go to their website and log in, also they won't send one to you if you don't have an account with them

Good general rules. One more - a genuine financial institution will use correct English grammar and spelling as well.

esme 10 #144 Posted January 15, 2009

Yet another one doing the rounds.

The title may change; mine was "Re:admin". The email address is spoofed, so it's sent to your address apparently from your address. Content is an HTML message with the text:

> You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service advertised. Prices and item availability subject to change without notice.

Any links go to "thirdspirituality.com" or "speakintuition.com" and any graphics come from "intuitionwest.com".

It doesn't look capable of verifying your email address, as the graphic names are too simple and there doesn't appear to be any other payload; however, any graphics in the message may carry their own malware.

A big giveaway is that I don't use MSN in any way, shape or form and have never subscribed to their "Featured Offers", if indeed they have such a thing.

If you get it, delete it without opening it. If you've already opened it, delete it without clicking on any links, then I suggest you update your virus and spyware scanners and rescan your machine, just to be on the safe side. This probably isn't necessary though.

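The manual checks esme walks through in the two posts above (where the return path goes, where the clickable links go, and whether the message claims to come from its own recipient) can be automated. This is an added example, not part of the original thread; it handles single-part HTML messages only, and `abbey.example`, the mailbox names and the URL paths in the constructed sample are placeholders rather than values from the thread.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkHosts(HTMLParser):
    """Collect the host of every clickable link (href). Image hosts are ignored on
    purpose: graphics borrowed from the real site say nothing about the sender."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = urlparse(value or "").hostname if name == "href" else None
            if host:
                self.hosts.add(host.lower())

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def findings(raw, brand_domain):
    """List the ways a single-part HTML message disagrees with the brand it claims."""
    msg = message_from_string(raw)
    out = []
    bounce = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if bounce and not under(bounce, brand_domain):
        out.append(("return-path", bounce))
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender and sender == parseaddr(msg.get("To", ""))[1].lower():
        out.append(("from-equals-to", sender))
    links = LinkHosts()
    links.feed(msg.get_payload())
    out += [("link", h) for h in sorted(links.hosts) if not under(h, brand_domain)]
    return out

# Constructed sample modelled on the Abbey message described above.
SAMPLE = """\
From: Abbey Security <security@abbey.example>
To: reader@mailbox.example
Return-Path: <bounce@mail.jasakonstruksi.net>
Subject: Abbey Bank Security Update For New Year
Content-Type: text/html

<img src="http://www.abbey.example/logo.gif">
<a href="http://www.abbey.example/help">Help</a>
<a href="http://myuchallenge.net/check">immediate security check</a>
"""

if __name__ == "__main__":
    for kind, value in findings(SAMPLE, "abbey.example"):
        print(kind, value)
```
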