ITPRO

Printed from www.itpro.co.uk

    Italian websites hit by Mpack malware

Thousands of Italian websites have been hit through an IFRAME vulnerability, and the attack could spread to the rest of Europe.

By Rene Millman, 18 Jun 2007 at 15:23

Malware that attacked thousands of Italian websites over the weekend and stole sensitive information from users could spread to the rest of Europe and the UK.

Hacked Italian websites have triggered malware downloads once a user has visited them. The malware, known as the Mpack kit, has compromised websites using a known and common IFRAME vulnerability to deploy a slew of malware attacking unsuspecting web users around the world.

Most of the compromised sites focused on tourism, cars, movies, music, tax and employment services. A large number of sites affected were local government ones. Most of these sites were hosted by one of the largest hosting providers in the country.

Once the user visits any of these websites, the browser is directed to another address that contains the malicious JS_Dloader.NTJ. This JavaScript then downloads a new member in the infection series detected as Troj_Small.HCK. This tries to cause a buffer overflow on the user's browser.
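
A defender-side check for the injection described above, as an added example that is not part of the original article: it lists the iframes in a page that load from another host or are sized or styled to be invisible. The host names, the sample page and the hidden-frame heuristics are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# These heuristics are assumptions of this example, not details from the article.
HIDDEN_STYLES = ("display:none", "visibility:hidden")
TINY = {"0", "1", "0px", "1px"}

class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})

def find_suspicious_iframes(html, site_host):
    """Return [(src, reasons)] for iframes that load off-site or are hidden."""
    site = site_host.lower()
    parser = IframeCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for frame in parser.frames:
        src = frame.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()
        style = frame.get("style", "").replace(" ", "").lower()
        reasons = []
        # Relative URLs have no host and count as same-site.
        if host and host != site and not host.endswith("." + site):
            reasons.append("off-site")
        if (frame.get("width", "").strip() in TINY
                or frame.get("height", "").strip() in TINY
                or any(s in style for s in HIDDEN_STYLES)):
            reasons.append("hidden")
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample page: one legitimate same-site frame, one injected frame.
SAMPLE_PAGE = """<html><body>
<iframe src="/mappa.html" width="600" height="400"></iframe>
<iframe src="http://injected.example.net/x/" width=0 height=0></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_PAGE, "comune.example.it"):
        print(src, ", ".join(reasons))
```

Run over the HTML a web server actually serves, a frame flagged as both off-site and hidden is the one to review first against the site's known-good templates.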

According to researchers at anti-virus company Trend Micro, IT administrators should prepare themselves for an increased number of helpdesk calls and internal virus outbreaks.

"In the last 48 hours over 2,000 Italian websites have been hijacked in this way and we've seen a doubling of victims every 6-8 hours," said Ivan Macalintal, senior TrendLabs threat researcher at Trend Micro.

He said that these web threats are silent, invisible to the unprotected consumer and therefore more dangerous than common viruses. "The attackers are using multiple malware to try to remain undetected and deliver the final punch, a keylogger that intends to solicit personal information such as banking information or passwords," said Macalintal.

Anthony O'Mara, EMEA vice president at Trend Micro, said that the author of this latest attack probably had months to plan and execute their criminal act.

"The regionally targeted nature of the attack and the speed of website infection points to a criminal gang with profit in mind," he said. "Businesses need to ensure their end users demonstrate extra caution when surfing the web, and if not already using a reputation based technology, one should be deployed. URL filtering cannot stop these attacks."
