Italian websites hit by Mpack malware
By Rene Millman,
Malware that attacked thousands of Italian websites over the weekend and stole sensitive information from users could spread to the rest of Europe and the UK.
Hacked Italian websites have triggered malware downloads once a user has visited them. The malware, known as Mpack kit, has compromised websites using known and common IFRAME vulnerability to deploy a slew of malware attacking unsuspecting web users around the world.
Most of the compromised sites focused on tourism, cars, movies, music, tax and employment services. A large number of sites affected were local government ones. Most of these sites were hosted by one of the largest hosting providers in the country.
Once the user visits any of these websites, the browser is directed to another address that contains the malicious JS_Dloader.NTJ. This JavaScript then downloads a new member in the infection series detected as Troj_Small.HCK. This tries to cause a buffer overflow on the user's browser.
According to researchers at anti-virus company Trend Micro, IT administrators should prepare themselves for an increased number of helpdesk calls and internal virus outbreaks.
"In the last 48 hours over 2,000 Italian websites have been hijacked in this way and we've seen a doubling of victims every 6-8 hours," said Ivan Macalintal, senior TrendLabs threat researcher at Trend Micro.
He said that these web threats are silent, invisible to the unprotected consumer and therefore more dangerous than common viruses. "The attackers are using multiple malware to try to remain undetected and deliver the final punch, a keylogger that intends to solicit personal information such as banking information or passwords," said Macalintal.
Anthony O'Mara, EMEA vice president at Trend Micro, said that author of this latest attack probably had months to plan and execute their criminal act.
"The regionally targeted nature of the attack and the speed of website infection points to a criminal gang with profit in mind," he said. "Businesses need to ensure their end users demonstrate extra caution when surfing the web, and if not already using a reputation based technology, one should be deployed. URL filtering cannot stop these attacks."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Who to trust after the VeriSign hack?
Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
- Are the cookie laws crumbling already?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Google releases Chrome for Android beta
- Will someone rid me of these troublesome Macs?
- OneNote hits Google?s Android
- BlackBerry Bold 9790 review
- Google sends in Bouncer to sort out malicious apps
- Ubuntu vs. Windows 7 on the business desktop
- Who to trust after the VeriSign hack?
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- ACTA: the basics, the controversies, and the future
- BT considering Ofcom price cap appeal
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
