Millions of computers are believed to have been infected by a virus named Asprox, which can be surreptitiously embedded in legitimate websites.

The virus automatically downloads onto devices used to visit the affected site, where it then proceeds to hunt out and broadcast sensitive information such as bank account details.

A recent epidemic of Asprox infections on more than a thousand UK websites, including NHS, government and local council sites, is believed to have been instigated by Eastern European hackers, according to The Times newspaper.

“The virus got into the job pages of a local council’s internet page,” Detective Constable Bob Burls, of the Metropolitan Police Computer Crime Unit, told the newspaper. “It’s a new thing that people who visit mainstream websites are clobbered.”

“We’ve dealt with two major websites in as many weeks,” he added. Organisations to have been affected (and since remedied) include Hackney Council and the Norfolk NHS Trust.

According to an expert quoted by the newspaper, not all anti-virus products are capable of detecting the Asprox virus.

Further reading

Securely speaking
Voice verification is about to enter the mainstream

The business partner risk
Business partners should be regarded as the greatest security headache

RIM touts BlackBerry’s uncrackability
The Indian goverment's loss is businesses' gain

Find more stories in the Security & Continuity Briefing Room