WSLabs, Malicious Website / Malicious Code: Large scale European Web Attack

Posted on 18 June 2007
Websense Security Lab

Websense® Security Labs™ has received reports of a large-scale attack in Europe that is using the MPACK web exploit toolkit. For more information on MPACK, please see the Panda Labs blog here:
http://blogs.pandasoftware.com/blogs/securitylabs/images/PandaLabs/2007/05/11/MPack.pdf.

At the time of this alert our ThreatSeeker technology has discovered more than *10,000* sites that have been compromised and have IFRAMES pointing to the hub infection site.

Assuming users connect to one of the compromised sites and are vulnerable to one of several loaded exploits, a Trojan Horse is downloaded onto their machine. It is designed to steal banking and potentially other confidential information through a series of web infection downloads.
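One way a site operator could check their own pages for the injected IFRAMEs described above (an added example, not part of the original alert or of any Websense tool; the host names, the sample page and the hidden-frame heuristic are assumptions constructed for illustration):

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeAuditor(HTMLParser):
    """Collect every <iframe> whose src points at a host outside the allowlist."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    @staticmethod
    def _hidden(a):
        # Assumption: injected frames are often zero/one pixel or styled invisible.
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width", "").strip() in ("0", "1") or \
            a.get("height", "").strip() in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        host = (urlparse(src).hostname or "").lower()
        if not host or host in self.trusted:
            return  # relative, same-site or explicitly allowlisted frame
        self.findings.append({"src": src, "host": host, "hidden": self._hidden(a)})


def audit_page(html, site_host, allowed_hosts=()):
    """Return off-site iframes found in one page of your own site."""
    parser = IframeAuditor(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one local frame, one partner frame, one injected frame.
SAMPLE_PAGE = """<html><body><h1>Hotel booking</h1>
<iframe src="/widgets/calendar.html" width="300" height="200"></iframe>
<iframe src="https://maps.partner.example/embed?id=7" width="400" height="300"></iframe>
<iframe src="http://hub.invalid/index.php" width="0" height="0" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE_PAGE, "www.shop.example", ["maps.partner.example"]):
        print("off-site iframe:", f["src"], "(hidden)" if f["hidden"] else "")
```

Run it over the HTML your web server actually serves, not only the files in source control, since the injection happens on the compromised host.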

The main site has a statistics page, and it has shown very large numbers of users connecting to the infected sites and high levels of users who have been compromised. As you can see from the screenshot below, the top regions are Italy, Spain, and the United States.

Websense security customers are protected from connecting to the malicious websites.

Sample statistics panel at time of alert:

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=782

 
