Fighting malware and spam
Mpack packs punch in Italy
10,000 sites carrying exploits in large-scale attack.
Sophisticated remote-exploit attack kit 'Mpack' has been spotted in use in increasingly large numbers throughout Europe, with Italy by far the most seriously affected, in an attack of almost unprecedented scale and virulence. First spotted over the weekend, the number of compromised sites carrying the malicious attacks has risen, according to several reports, to over 10,000 sites worldwide, with the vast majority based in Italy.
The Mpack toolkit, which has been available on the black market for some time, is thought to be in constant development by its Russian creators, with new exploits added as new vulnerabilities are uncovered. The core functionality uses hidden iframes which, when placed on a hacked website, exploit known flaws in operating systems, browsers and other components to allow silent downloads of infected code to vulnerable victim systems. The kit also includes statistical monitoring tools and utilities for designing and creating downloader trojans to target the malware of the user's choice.
'Italy has some history as a playground for highly evolved online threats,' said John Hawes, Technical Consultant at Virus Bulletin. 'Gromozon, a.k.a. Linkoptimizer, which has flared up several times in the last year or so and used similarly complex webs of infection patterns and cross-communications, was also particularly prevalent in Italy. Whatever the reason for this may be, it seems like Italian web users should pay particular attention to the security of their systems, with thorough regimes of patching and solid, multi-layer security software being a necessity in these worrying times.'
Alerts on the outbreak can be found here (from Trend Micro, here (from Symantec) and here (from Websense), while more detailed analysis of Mpack is in a Symantec blog entry here or an in-depth report from PandaLabs here
19 June 2007
Tags:
del.icio.us 
digg this
ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
02 September 2010
Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
01 September 2010
Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
01 September 2010
94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat. (1 comment)
31 August 2010
Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
27 August 2010
Quick Links
 |
 |
 |
Poll
When do you install software updates?Leave a comment
View 12 comments
2 hours ago
6 hours ago
VB100 certification
With another epic haul of 54 products to test this month, the VB test team could
have done without the bad behaviour of a number of products: terrible product
design, lack of accountability for activities, blatant false alarms in major
software, numerous problems detecting the WildList set, and some horrendous
instability under pressure. Happily, there were also some good performances to
balance things out. John Hawes has the details.
See full results.
Virus Bulletin currently has 208,224 registered users.