In the previous month the World Wide Web was subject to one of the heaviest attacks since it first came into existence. Thousands of legitimate websites were attacked by the Trojan horses JS:Redirector-H and JS:Redirector-J, the aim of which was to infect millions of unsuspecting users. avast! was the first antivirus program to detect the infection right at the start and all users of avast! were protected throughout the duration of the attack. Now, more than a month after the attack was first detected, it is possible to assess the attack.
The timeline of the attack can be divided into three phases:
The following graph presents the number of visits to infected websites. All these approaches have been blocked and users are therefore protected from large-scale infection. The highest number of these attempts was recorded on 14.5.2009 - more than 600,000 visits to infected websites.
The number of hits presented in the previous chart is enormous, but this reveals nothing about the number of infected domains. For this reason I present below a second graph. This shows the process of the infection in terms of domains - the number of newly infected domains per day (counting only the first occurrence of the infection for each single domain).
Finally, the total numbers (from 28.4.2009 to 31.5.2009):
Unrelated to the CCleaner attack, Avast also found ShadowPad samples active in South Korea and Russia, logging a financial transaction
Close to 50,000 Minecraft accounts infected with malware designed to reformat hard-drives and more.