Russian hackers hijack Italian sites to serve exploits

Summary: The Russian crime ring behind the infamous WebAttacker/MPack exploit toolkit hacked into thousands of Italian Web sites over the weekend and used a one-line snippet of code to redirect surfers to a server rigged with drive-by exploits.

[Screenshot: MPack statistics]

The ongoing attack, which is reminiscent of the Dolphin Stadium site breach in February, uses a malicious IFRAME tag embedded into the hacked site to handle the redirection to the malware-laden server.
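
A site owner can check for the kind of injected IFRAME described above by listing every frame a page loads from another host. This is an added example, not code from the article or from the researchers it quotes. It assumes (the article does not say so) that the injected frame points off-site and is invisibly sized or styled; the function names, sample page and hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption (not stated in the article): the injected frame points off-site
# and is sized or styled so the visitor never sees it.
HIDDEN_STYLES = ("display:none", "visibility:hidden")


class IframeAuditor(HTMLParser):
    """Collects every IFRAME whose src resolves to a host other than the site's own."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return  # relative or same-site frame: nothing to report
        style = a.get("style", "").replace(" ", "").lower()
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1") for d in ("width", "height"))
        hidden = tiny or any(s in style for s in HIDDEN_STYLES)
        line, _ = self.getpos()
        self.findings.append({"line": line, "host": host, "hidden": hidden})


def find_offsite_iframes(html, site_host):
    """Return one finding per off-site IFRAME; 'hidden' marks the ones to review first."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    return auditor.findings


# Constructed sample page (hosts are reserved documentation names/addresses).
SAMPLE = """<html><body>
<h1>Hotel Esempio</h1>
<iframe src="/booking/widget.html" width="400" height="300"></iframe>
<iframe src="https://maps.example.net/embed?id=1" width="400" height="300"></iframe>
<iframe src="http://203.0.113.7/x/index.php" width=0 height=0></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_offsite_iframes(SAMPLE, "hotel.example.com"):
        print(f)
```

Visible off-site frames (maps, video embeds) are reported too, so the output is a review list; comparing it against a known-good copy of the page separates intended embeds from injected ones.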

Around midday today, the server hosting the exploits was live, and anti-virus researchers tracking the attacks had found more than 8,000 hijacked Italian Web sites.

The sites at risk cover a wide range of Internet interests: cars and racing (likely to take advantage of the Formula One weekend), hotels, sports, music, lottery and pornography sites were all victims. Even Web sites connected to Jon Bon Jovi and Mother Teresa weren't spared, according to virus researchers at Trend Micro.

Here's a diagram of the attack scenario from Trend Micro's Carolyn Guevarra:

[Diagram: italian_iframe.gif]

The MPack exploit kit used in these attacks contains a stats counter that spells out in detail the types of exploits used, the number of compromised computers and the types of browsers used by the victims (see screenshot above). In this case, it is clear that some newer exploit modules have been added to take aim at flaws in Firefox, Opera and even Apple's QuickTime media player.

Symantec's Elia Florio provides a glimpse at the statistics:

The list of compromised sites is huge and from Mpack statistics this attack is working efficiently (the statistic page reports 65K unique visitors with almost 7K exploited browsers).

It is important to note that the exploits are targeting vulnerabilities that have already been patched so the best defense is to ensure that your machine is fully patched (OS and applications running on top).

Secunia's free software inspector is a nice place to start scanning your machine to look for weak spots. This tool will detect insecure versions of installed applications, verify that all Microsoft patches are applied and assist you in updating your system and applications.

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
