Italian websites hit by Mpack malware
By Rene Millman,
Malware that attacked thousands of Italian websites over the weekend and stole sensitive information from users could spread to the rest of Europe and the UK.
Hacked Italian websites have triggered malware downloads once a user has visited them. The malware, known as Mpack kit, has compromised websites using known and common IFRAME vulnerability to deploy a slew of malware attacking unsuspecting web users around the world.
Most of the compromised sites focused on tourism, cars, movies, music, tax and employment services. A large number of sites affected were local government ones. Most of these sites were hosted by one of the largest hosting providers in the country.
Once the user visits any of these websites, the browser is directed to another address that contains the malicious JS_Dloader.NTJ. This JavaScript then downloads a new member in the infection series detected as Troj_Small.HCK. This tries to cause a buffer overflow on the user's browser.
According to researchers at anti-virus company Trend Micro, IT administrators should prepare themselves for an increased number of helpdesk calls and internal virus outbreaks.
"In the last 48 hours over 2,000 Italian websites have been hijacked in this way and we've seen a doubling of victims every 6-8 hours," said Ivan Macalintal, senior TrendLabs threat researcher at Trend Micro.
He said that these web threats are silent, invisible to the unprotected consumer and therefore more dangerous than common viruses. "The attackers are using multiple malware to try to remain undetected and deliver the final punch, a keylogger that intends to solicit personal information such as banking information or passwords," said Macalintal.
Anthony O'Mara, EMEA vice president at Trend Micro, said that author of this latest attack probably had months to plan and execute their criminal act.
"The regionally targeted nature of the attack and the speed of website infection points to a criminal gang with profit in mind," he said. "Businesses need to ensure their end users demonstrate extra caution when surfing the web, and if not already using a reputation based technology, one should be deployed. URL filtering cannot stop these attacks."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- IBM bans use of Siri on iPhones
- Apple iPad 3 vs iPad 2 head-to-head review
- Lenovo ThinkPad X1 Carbon Ultrabook review : First look
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- Google: Government controls are the internet's biggest threat
- Macs and Android under malware threat
- Sony Vaio T13 Ultrabook review: First look
- RIM loses its head of sales
- ARM-based Windows 8 tablets facing delays
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
