Wednesday, June 20, 2007

10,000 websites infected with MPack hack

Attackers have launched massive attacks in Europe from a network of at least 10,000 hacked websites, several security companies have warned.

Analysts reported the opening salvos of a large-scale attack based on the multi-exploit hacker kit called "Mpack” as early as Friday. Attackers taint compromised websites with code that redirects visitors to a server hosting the Mpack kit - a professional, Russian-made collection of exploits that comes complete with a management console to detail which exploits are working, and against what countries' domains.

More here

More info:
TrendMicro - Italian Job
Mpack it up
Symantecc - Mpack packed full of badness
Slashdot - The Italian Job

An Italian blog reports that all of the servers compromised are IIS 6.0/Windows 2003 servers.