Malware 'has infected major Government websites'

Key Government websites have been infected by cyber-criminals aiming to steal browsers' personal details, it was reported today.

More than a thousand Government and consumer sites are said to have been hit, including some run by the NHS and a local council.

The Times Online says the hackers are Eastern European and that security experts estimate at least two million computers worldwide have been affected.

At the heart of the claims is the asprox 'toolkit' that installs malware on vulnerable websites and tries to commandeer them, says The Independent's Cyberlinic columnist, Rhodri Marsden. He said: "Infected websites then install malware on the computers of any visitors to the site, INCLUDING another copy of Asprox. Which then searches for more websites to infect. Vicious.

"The big story, really, is that the way Asprox gets installed - i.e. by visiting a website that has been hacked - has now replaced nasty email attachments as the biggest security danger. And it's not just porn sites or other dubious online destinations that are carrying them. It could be any website that happens to be vulnerable. And many are."

Times Online reports that Asprox hit the Norfolk NHS website last week and that Hackney Council’s website was one of 12 local council sites compromised.

Nigella Lawson’s website was hit last week although her spokesman said that the virus was dealt with “instantly” and that nobody was infected.