Security company Finjan recently proclaimed that it detected over 1,000 different Website domains had been compromised during the first two weeks of June by a known malware toolkit, "Asprox," which has been around for over a year (according to Symantec). 

"… a new round of mass Web attacks has started during May 2008. Hackers successfully compromised a large number of government and top businesses websites worldwide to infect visitors with malware. The attack toolkit being used (which is aliased as "Asprox") has been around for [a] few years; however, during the last year we have noticed a rise in the number of attacks using it. The attack toolkits is designed to first search Google for webpages with the file extension [.asp] and then launch SQL injection attacks to append a reference to the malware file using the SCRIPT tag."

Finjan states that the compromised domains reference back to over 160 domains that serve the malware, and that the number of these "malware serving domains increases every day." According to Finjin, compromised sites included sfgov.org (San Francisco's official site), nhs.uk (the U.K.'s National Health Service), Snapple.com (Snapple's official site), uci.edu (University of California's official site), and btimes.com (the Baltimore Times).

According to Finjan, at least some of these sites have finally been rid of the malware as of the last few days. Although, oddly, as we were writing this story, we discovered that the Baltmore Times site (btimes.com) was down. We are uncertain if this is related to the malware infection or just a coincidence.

Finjan is not necessarily trying to alert the online world that that this malware toolkit it out there potentially compromising servers and systems--word started to spread about Asprox's resurgence back in May. The alarm bell that Finjan is ringing is that even though this has been known about since May, there are still infected sites out there that haven't been cleaned up yet.

In addition to predominant Websites being compromised, Finjan also found that ad networks were serving infected ads:

Security company SecureWorks describes Asprox as a component of a Trojan called "Danmec":

Interestingly, Symantec classifies both Danmec and Asprox as "Risk Level 1: Very Low." Symantec reports that Danmec was was first discovered in November 2005, and Asprox was discovered in June 2007.

It appears that there is no consensus on exactly how dangerous Asprox is. But if you are like us, no matter how benign a piece of malware may be, we still don't want it on our systems. As users, we can try to take precautions on our computers, such as running security software with the latest definition updates and patches. But when Website managers don't take the necessary precautions themselves to keep their servers from getting infected--even after knowing about the issue for a month--then they have no excuse.