'Italian job' attacks spread worldwide

A coordinated series of web-based attacks that began last week in Italy is quickly expanding and has now infected 10,000 websites around the world. When security researchers first noticed the threat, it has affected 1,000 English language websites with the Italian '.it' domain. By Monday, however, the attack had gone worldwide and had drawn the attention of the FBI. The attackers are using known exploits in web server applications to post attack code on third-party websites. The actual attack is carried out when a user visits a compromised site.

The site redirects the user to another server that runs MPack, a web-based attack tool that delivers an exploit specially designed to target flaws in each user's web browser. The exploit installs spyware and a key-logger. Traffic is bounced from the compromised sites to a server in the San Francisco area which then redirects to the attack server which is currently located in Chicago, according to Paul Ferguson, a network architect at security vendor Trend Micro. Ferguson noted that the San Francisco server uses an IP address registered to a Hong Kong entity, and is hosted by a company that is notoriously slow in responding to complaints about illegal activities on its network.

View: The full story
News source: Vnunet

Report a problem with article
Previous Story

Text bug blights Trillian

Next Story

More Flash Zune Details Leak

10 Comments

Commenting is disabled on this article.

... and is hosted by a company that is notoriously slow in responding to complaints about illegal activities on its network.

Well then get those critters offline! If this is turning into a global problem, there is no reason for the authorities to have patience with those people.. 10 000 websites is already too much
Also I don't know about how secure is FF about this by looking at this article, it shows FF as a vector too:
http://blogs.pandasoftware.com/blogs/panda...ered_2100_.aspx

Is there a way to disable IFRAME support in FF ?

Thanks for keeping these IPs a secret Symantec and Trend Micro. That way no one will be able to block them with firewall and they will further propogate.

Considering how much info there is of the attack you'd think they could send the cops to bust the hosting company if they don't comply with taking down the attack server. Especially in a case that has an effect on so many websites and users.

PS. "Fx" generally stands for "effects" so no matter how much Mozilla tries to change this, "FF" has become the standard abbreviation for Firefox.

Effects = FX not Fx

It doesn't make sense calling FF as firefox. If Firefox were called FireFox or Fire Fox, FF would make sense. Although FF might seem more natural, it's grammatically inappropriate.

Quote - [deXter
said,#3.1]Effects = FX not Fx

It doesn't make sense calling FF as firefox. If Firefox were called FireFox or Fire Fox, FF would make sense. Although FF might seem more natural, it's grammatically inappropriate.

Another "fx" vs "ff" post? And this one arguing that using the first and last letters makes more sense than using the normal first-letter abbreviations from a compound word.

So, abbreviating "download" makes more sense as "dd", not "dl"?
And "Microsoft" also makes more sense as "MT", as opposed to "MS"?

Suuuure.