Finjan Inc. reports that attackers infected at least 10,000 trusted web sites with malware last month using the Random.JS Trojan toolkit. Random.JS is an exceptionally sneaky Trojan that infects the targeted machine and sends data from the machine back to the attackers controlling it via the Internet. The information that is stolen includes documents, passwords, surfing habits and other forms of compromising information.
The Random.JS attack is performed by dynamic embedding of scripts into a Web page, he said. It provides a random filename that can only be accessed once and is done in such a selective manner that when a user receives an infected page once, it will not be referenced again on further requests. This method prevents detection of the malware in later forensic analyses.
The list of attack toolkits includes MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit, along with newer toolkits like Random.JS, vipcrypt, makemelaugh and dycrypt.
Security vendors warn of the rising use of attack toolkits in recent months.