Italian websites hit by Mpack malware
By Rene Millman,
Malware that attacked thousands of Italian websites over the weekend and stole sensitive information from users could spread to the rest of Europe and the UK.
Hacked Italian websites have triggered malware downloads once a user has visited them. The malware, known as Mpack kit, has compromised websites using known and common IFRAME vulnerability to deploy a slew of malware attacking unsuspecting web users around the world.
Most of the compromised sites focused on tourism, cars, movies, music, tax and employment services. A large number of sites affected were local government ones. Most of these sites were hosted by one of the largest hosting providers in the country.
Once the user visits any of these websites, the browser is directed to another address that contains the malicious JS_Dloader.NTJ. This JavaScript then downloads a new member in the infection series detected as Troj_Small.HCK. This tries to cause a buffer overflow on the user's browser.
According to researchers at anti-virus company Trend Micro, IT administrators should prepare themselves for an increased number of helpdesk calls and internal virus outbreaks.
"In the last 48 hours over 2,000 Italian websites have been hijacked in this way and we've seen a doubling of victims every 6-8 hours," said Ivan Macalintal, senior TrendLabs threat researcher at Trend Micro.
He said that these web threats are silent, invisible to the unprotected consumer and therefore more dangerous than common viruses. "The attackers are using multiple malware to try to remain undetected and deliver the final punch, a keylogger that intends to solicit personal information such as banking information or passwords," said Macalintal.
Anthony O'Mara, EMEA vice president at Trend Micro, said that author of this latest attack probably had months to plan and execute their criminal act.
"The regionally targeted nature of the attack and the speed of website infection points to a criminal gang with profit in mind," he said. "Businesses need to ensure their end users demonstrate extra caution when surfing the web, and if not already using a reputation based technology, one should be deployed. URL filtering cannot stop these attacks."
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: 
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?