10,000 sites carrying exploits in large-scale attack.
Sophisticated remote-exploit attack kit ‘Mpack’ has been spotted in use in increasingly large numbers throughout Europe, with Italy by far the most seriously affected, in an attack of almost unprecedented scale and virulence. First spotted over the weekend, the number of compromised sites carrying the malicious attacks has risen, according to several reports, to over 10,000 sites worldwide, with the vast majority based in Italy.
The Mpack toolkit, which has been available on the black market for some time, is thought to be in constant development by its Russian creators, with new exploits added as new vulnerabilities are uncovered. The core functionality uses hidden iframes which, when placed on a hacked website, exploit known flaws in operating systems, browsers and other components to allow silent downloads of infected code to vulnerable victim systems. The kit also includes statistical monitoring tools and utilities for designing and creating downloader trojans to target the malware of the user’s choice.
‘Italy has some history as a playground for highly evolved online threats,’ said
John Hawes
, Technical Consultant at Virus Bulletin. ‘Gromozon, a.k.a.
Linkoptimizer
, which has flared up several times in the last year or so and used similarly complex webs of infection patterns and cross-communications, was also particularly prevalent in Italy. Whatever the reason for this may be, it seems like Italian web users should pay particular attention to the security of their systems, with thorough regimes of patching and solid, multi-layer security software being a necessity in these worrying times.’
Alerts on the outbreak can be found
here
(from
Trend Micro
,
here
(from
Symantec
) and
here
(from
Websense
), while more detailed analysis of Mpack is in a
Symantec
blog entry
here
or an in-depth report from
PandaLabs
here
Posted on 19 June 2007 by
Virus Bulletin
Leave a Reply