Security Experts Monitor MPack Threat
By Jennifer LeClaire / NewsFactor Network
Published: June 21, 2007
While the U.S. Department of Homeland Security continues to try to secure its virtual borders, security researchers are digging more deeply into a computer infection that started in Italy and might soon spread beyond European shores.

Trend Micro initially reported the infection of seemingly legitimate Web pages loaded with malicious code that can install keyloggers to steal user passwords or turn computers into proxy servers for various other attacks.

The malware takes advantage of iFrames, which are commonly used on Web sites to nest content within pages. Trend Micro researchers believe the malware was generated with a Trojan-creation toolkit called MPack.

Trend Micro data indicates that tens of thousands of users worldwide have accessed malicious URLs, oblivious to the MPack threat. VeriSign's iDefense, for its part, is reporting that the MPack attacks are gaining momentum.

50/50 Success

"MPack is a powerful Web exploitation tool that claims about 50 percent success in attacks silently launched against Web browsers," said Ken Dunham, senior engineer and director of the rapid response team at VeriSign's iDefense. "'$ash' is the primary Russian actor attempting to sell MPack on the underground for about $1,000 for the complete MPack kit."

Also known as WebAttacker II, MPack dates back to October 2006 and accounted at that time for roughly 10 percent of Web-based attacks. According to iDefense, more than 10,000 domains in the recent rise of MPack attacks compromised some 80,000 unique IP addresses in Italy.

VeriSign's iDefense maintains that exploitation likely took place through the cPanel software that many Web hosting providers offer their customers as a way to manage their Web sites. This cPanel infection led to malicious iFrames being injected on the sites in question.

"MPack leverages multiple exploits, in a very controlled manner, to compromise vulnerable computers," Dunham explained. "Exploits range from the recent animated cursor [vulnerability] to QuickTime exploitation." The latest version of the MPack toolkit even includes code to exploit specific Microsoft vulnerabilities covered in several of the company's security bulletins.

The Payload

The well-known Torpig Trojan is one of the known payloads for MPack, VeriSign reported. The Torpig Trojan is tied closely to the Russian Business Network (RBN), through which many Internet-based attacks take place today.

The RBN has become a virtual safe house for attacks out of Saint Petersburg, Russia, responsible for phishing, child pornography, and other illicit operations, Dunham noted.

"MPack attacks experience high success, according to attack log files analyzed by VeriSign iDefense," Dunham concluded. "In just a few hours, more than 2,000 new victims reported to an MPack command and control Web site."
