Menu
Hackers Hit 10,000 Sites, Launch 'Phenomenal' Attack

Hackers Hit 10,000 Sites, Launch 'Phenomenal' Attack

Infected computers are fed a diet of malicious code, largely keyloggers that spy out usernames and passwords for valuable accounts, such as online banking sites

Attackers armed with an exploit toolkit have launched massive attacks in Europe from a network of at least 10,000 hacked Web sites, with infections spreading worldwide, several security companies warned today.

As early as last Friday, analysts reported the opening salvos of a large-scale attack based on the multi-exploit hacker kit dubbed "Mpack". The mechanics of the attacks are involved, but essentially attackers taint each compromised site with code that then redirects visitors to a server hosting the Mpack kit — a professional, Russian-made collection of exploits that comes complete with a management console to detail which exploits are working, and against what countries' domains.

The hackers seem to be able to find a lot of sites to compromise no matter where they look

Elia Florio - Symantec researcher

Infected computers are fed a diet of malicious code, largely keyloggers that spy out usernames and passwords for valuable accounts, such as online banking sites.

"The gang behind the attack has successfully compromised the home pages of hundreds of legitimate Italian Web sites," said Symantec researcher Elia Florio in a posting to the vendor's security response blog. "The list of compromised sites is huge and from Mpack statistics this attack is working efficiently."

Florio said Symantec is uncertain how the sites were originally hacked, but suspected a common vulnerability or configuration problem at the hosting level. Paul Ferguson, a network architect with Trend Micro, would only guess at how sites were hijacked, but said that the 'how' is mostly moot. What's important: "The hackers seem to be able to find a lot of sites to compromise no matter where they look."

Symantec had pegged the number of compromised sites feeding Mpack exploits at 6000; by today, Websense, a US-based Web security company, said it had tracked more than 10,000. "That's a phenomenal number," argued Ferguson, who said that previous compromised-site attacks using hacker kits could be counted as "several hundred here, a couple of hundred there".

Screenshots of the Mpack management console posted by Websense and Symantec illustrate the large numbers of computers that have surfed to the compromised sites, and the high success rate of the Mpack-delivered exploits. Although the bulk of the victim PCs use Italian IP addresses, US-based machines are not immune.

"The lion's share of the sites we're seeing are in Italy still," said Ferguson, "but we're seeing sites all over the world as well." For instance, Trend Micro has identified hacker-controlled sites hosted in California and Illinois. The California site is hosted by a company Ferguson called "notorious", but he wouldn't divulge the hosting vendor's name.

"The usual advice we give, 'avoid the bad neighborhoods of the Web', just doesn't hold water any more" when legitimate sites have been hacked and are serving up exploits left and right, Ferguson said. "Everywhere could be a bad neighborhood now."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments