Malware Pulls an “Italian Job”


This is a pretty crazy article, particularly the indication that 80% of the sites were at the same large Italian hosting provider. Well, it looks like some script kiddies did something more than just ./obb target. Imagine having access to half or a quarter of an ISP’s machines for DDoS, spam and phishing.

Malware Pulls an "Italian Job" – A number of readers sent us word about a malware attack that has been underway since Saturday that began with the compromise of more than 1,100 mostly Italian Web sites. Websense claims that more than 10,000 sites have been infected by now, 80% of them in Italy. There are indications that most of the Italian sites are resident at the same large Italian hosting provider. Trend Micro reports on the attack, which is launched from a malicious Iframe tag inserted into pages on compromised sites. For visitors to these sites, this begins a cascade of "drive-by" malware downloads if one of several targeted vulnerabilities is available and unpatched. The first page to which visitors are redirected by the Iframe hosts a recent version of Mpack attack software. Panda has a month-old report on Mpack (PDF) that provides copious detail about its nefarious ways.

Read more of this story at Slashdot.

