Worm alert on AfME (Action for ME) web pages, 26 July

Update 1:  I have spoken to AfME this morning and the website staff are dealing with this.  I will be advised when the site is clean.

Over the past couple of weeks a number of UK and US government and business sites, including the NHS Norfolk site, have been targeted by hackers with “Asprox” so UK users of both government and third sector health care related sites need to take care.

The following reports may be of interest:

http://news.yahoo.com/s/pcworld/20080716/tc_pcworld/148503 

Major Sites Fall Victim to Web Hijack Erik Larkin
Wed Jul 16

 

http://www.finjan.com/MCRCblog.aspx?EntryId=2002 

Governmental, Healthcare, and Top Business Websites have fallen victims to the new round of Asprox mass attack
Jul 16, 2008

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Posted Saturday 26 July

On 25 June, Kaspersky A/V 7 identified and neutralised a named Trojan downloader on AfME’s News pages which had been very recently released.

I contacted AfME and discussed the issue with them.  Subsequently, Google links to AfME’s site carried a “This site could harm your computer” alert so problems with the site had evidently been identified by Google.

This evening I have visited AfME’s site and Kaspersky A/V has identified and blocked the following on AfME’s News page:

26/07/2008 18:46:35 Malicious HTTP object <a URL which I am omitting for safety>: detected virus ‘Net-Worm.JS.Aspxor.a’.

I have alerted AfME, this evening, by email, but given that it is the weekend this is unlikely to receive attention until Monday. 

In the meantime, please take care if visiting AfME’s site and if absolutely essential that you do visit, I would recommend that you update your A/V definitions before doing so – but better not to visit at all as not all A/V programmes may be able to identify or block this threat and please don’t click on any links on ME agenda site to AfME’s site.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s