Mpack packs punch in Italy

Posted by   Virus Bulletin on   Jun 19, 2007

10,000 sites carrying exploits in large-scale attack.

Sophisticated remote-exploit attack kit 'Mpack' has been spotted in use in increasingly large numbers throughout Europe, with Italy by far the most seriously affected, in an attack of almost unprecedented scale and virulence. First spotted over the weekend, the number of compromised sites carrying the malicious attacks has risen, according to several reports, to over 10,000 sites worldwide, with the vast majority based in Italy.

The Mpack toolkit, which has been available on the black market for some time, is thought to be in constant development by its Russian creators, with new exploits added as new vulnerabilities are uncovered. The core functionality uses hidden iframes which, when placed on a hacked website, exploit known flaws in operating systems, browsers and other components to allow silent downloads of infected code to vulnerable victim systems. The kit also includes statistical monitoring tools and utilities for designing and creating downloader trojans to target the malware of the user's choice.

'Italy has some history as a playground for highly evolved online threats,' said John Hawes, Technical Consultant at Virus Bulletin. 'Gromozon, a.k.a. Linkoptimizer, which has flared up several times in the last year or so and used similarly complex webs of infection patterns and cross-communications, was also particularly prevalent in Italy. Whatever the reason for this may be, it seems like Italian web users should pay particular attention to the security of their systems, with thorough regimes of patching and solid, multi-layer security software being a necessity in these worrying times.'

Alerts on the outbreak can be found here (from Trend Micro, here (from Symantec) and here (from Websense), while more detailed analysis of Mpack is in a Symantec blog entry here or an in-depth report from PandaLabs here

Posted on 19 June 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Small Talks return to the Virus Bulletin Conference

Following their success last year, this year a series of "Small Talks" return to the VB2016 conference programme. We are pleased to announce the details of six of these talks, covering subjects that range from the Chinese cybercriminal underground to…

Research shows web security products perform well against exploit kits

Research by Virus Bulletin, in which five web security products were served 54 live exploit kits, shows that the products blocked between 87 and 100 per cent of the kits.

Throwback Thursday: Olympic Games

In 1994, along with the Olympic Games came an Olympic virus, from a group of Swedish virus authors calling themselves ‘Immortal Riot’. We look back at Mikko Hyppönen's analysis in the VB archive.

VB2016 call for last-minute papers opened, discounts announced

Announcing the VB2016 call for last-minute papers and a number of discounts on the conference registration rate.

Guest Blog: Malicious Scripts Gaining Prevalence in Brazil

In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual Basic and JavaScript gaining prevalence in Brazil.