• Quote of the Day
    "Your living is determined not so much by what life brings to you as by the attitude you bring to life;
    not so much by what happens to you as by the way your mind looks at what happens."
    Kahlil Gibran, posted by David Baxter

David Baxter

Mar 26, 2004
MPack Trojan Attack Claims 10,000 Web Sites
By Brian Prince, eWeek
June 18, 2007

Researchers at Trend Micro are reporting that as many as 10,000 Web sites have been infected with malicious code that redirects unsuspecting users to a server booby-trapped with drive-by exploits?part of a wave of attacks originating in Italy and now spreading through Europe.

Dubbed the "Italian Job" by Trend Micro, the attack was first uncovered June 15. Legitimate sites were hacked to include a malicious iFrames tag redirecting visitors to servers armed with a tool called MPack, an exploit tool that can target security holes in multiple products.

According to Trend Micro, once a user visits any of the compromised Web sites, the affected computer is directed to another IP address that contains the malicious JavaScript detected by the company as JS_DLOADER.NTJ.

The JavaScript attempts to exploit a buffer overflow vulnerability in unpatched browsers to download TROJ_SMALL.HCK, company officials said.

Since June 15, the number of sites affected by the attack has multiplied several times over, said David Perry, global director of education for Trend Micro, based in Cupertino, Calif.

"There are already somewhere between 5,000 and 10,000 Web sites affected by this," Perry said. "There's nothing that all these Web sites have in common. I'm calling it a Web-idemic."

According to Websense, based in San Diego, the regions most affected by the situation have been Italy and Spain.

In a blog posting June 15, Symantec researcher Elia Florio advised Italian users to update their anti-virus products and make sure all the recent patches are installed on their machines.

Latest posts

Top Bottom