10,000 US Websites infected with crimeware toolkit

Finjan has identified a significant new web attack – the latest in a genre of crimeware that threatens to turn highly trusted web sites into insidious traps for unwary visitors. More than 10,000 websites in the US were infected in December by this latest malware.

The attack, which Finjan has designated “random js toolkit,” is an extremely elusive crimeware Trojan that infects an end user’s machine and sends data from the machine via the Internet to the Trojan’s “master”, a cybercriminal. Data stolen by the Trojan can include documents, passwords, surfing habits, or any other sensitive information of interest to the criminal.

The random js toolkit is JavaScript code that is created dynamically and changes every time it is accessed. As a result, it is almost impossible for traditional signature-based anti-malware products to detect.

Signaturing a dynamic script is not effective. Signaturing the exploiting code itself is also not effective, since these exploits are changing continually to stay ahead of current zero-day threats and available patches. Keeping an up-to-date list of “highly-trusted-doubtful” domains serves only as a limited defense against this attack vector.


