News Blog Subscribe to News Blog
June 18, 2007 1:31 PM PDT

Massive Web attack gains momentum

Posted by Robert Vamosi
IFrame code

The IFrame code that leads to drive-by exploits.

(Credit: Trend Micro)

Over the weekend, thousands of legitimate English-language Italian Web sites fell victim to one line of code. Taking advantage of the trust the users have in the sites they visit, the malicious code silently redirects browsers via JavaScript to servers containing a variety of drive-by exploits. If the visiting computer is unpatched for a variety of operating system, browser, and specific application flaws, malicious code is downloaded. Once installed, the new software can then be used to steal personal information or enlist a compromised machine in attacks on other machines. According to security vendor Websense, the attack now affects over 10,000 Web sites worldwide, and that list continues to grow. According to Trend Micro, servers hosting some of the malicious code have been traced to Chicago, the San Francisco Bay Area, and Hong Kong.

Steps used by Mpack

Steps used by Mpack

(Credit: Trend Micro)
The attack, dubbed Mpack, uses cross-site scripting to place malicious IFrames on legitimate Web sites. IFrames are used by Web designers to open additional windows (often hosted on other sites) within a main Web page; IFrames can also be used by criminal hackers to redirect browsers to malicious-code sites. Trend Micro believes this latest attack was automated. Websense reports that the server where users are redirected includes a counter that shows large numbers of visitors from Italy, Spain, and the United States.

Fortunately, there are a number of variables here. First, you must accidentally happen upon a vulnerable site, then your computer must have one of several browser vulnerabilities present for the attack to take root. According to Trend Micro, the component that serves up the browser vulnerabilities is browser aware, able to infect your specific browser of choice. Assuming it can, the attack then downloads various Trojans designed to steal personal information.

To prevent such an attack, Trend Micro urges everyone to be aware of sites requiring software installation; do not allow software installation unless you trust the site and the provider of the software. Keep your PC software fully patched and be sure your antivirus protection is updating properly. And, of course, be wary of any unexpected e-mail and e-mail attachments.

For more on this specific attack, antivirus vendor Panda has prepared a 28-page PDF that provides granular detail.

Topics:

Security

Tags:

security,

iframe,

WebSense,

Trend Micro,

Panda

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
iLink to deliver answers to military online communities
Vonage names new CEO
T-Mobile 'Gekko' officially reveals itself as T-Mobile Sidekick
Alcatel-Lucent CEO, chairman stepping down
New York gets Fios TV
Add a Comment (Log in or register) 9 comments (Page 1 of 1)
Haven't beat the record
by qwerty75 June 18, 2007 2:49 PM PDT
For most damage from one line.

That "honor" belongs to MS, with the sasser worm taking advantage of one line of code that took MS 188 days to fix.
Reply to this comment
Not on Macs
by MaLvaDo39 June 18, 2007 3:08 PM PDT
When will the Windows users finally wake up?

You have the Stockholm syndrome!
Reply to this comment View all 2 replies
Powered by Jive Software
advertisement

  • About News Blog

  • Recent posts on technology, trends, and more.

Add this feed to your online news reader
Google
Yahoo
MSN

News Blog topics

Most popular stories

  1. FCC approval suggests November Android debut

  2. Debate rages over free wireless spectrum

  3. Apple willing to replace any smoking first-gen iPod Nanos

  4. Palm leaks Treo Pro photos and videos

  5. Judge lifts MIT students' card-hacking gag order

Latest tech news headlines

All News.com headlines »

Featured blogs

Beyond Binary by Ina Fried

Coop's Corner by Charles Cooper

Defense in Depth by Robert Vamosi

Geek Gestalt by Daniel Terdiman

Green Tech

One More Thing by Tom Krazit

Outside the Lines by Dan Farber

The Iconoclast by Declan McCullagh

The Social by Caroline McCarthy

Underexposed by Stephen Shankland

Resource center from News.com sponsors
Aligning CIO & CEO visions
What CIOs need to know

It's a simple truth. The closer you and your CEO see things, the greater your chance for success. Our exclusive report can help you get there—and help your business grow. To get the report, featuring the views of 765 CEOs on innovation. click here

Click Here!
What CEOs think: Innovation Insights for CIOs

Learn How CIOs can deliver strategic success for their enterprises

The New CIO: Beyond Technology

Learn how CIOs become heroes

Podcast: Chris Gorog of Napster

Learn about the impact of technology in strategy execution

The future of the Enterprise

Read more about tomorrow's organization

advertisement
Click Here
Welcome (log out) |View profile
Log in | Sign up Why join?
On The Insider: Jennifer Aniston DUMPED
Advanced
search
advertisementCheck out AT&T's FREE camera phones
Advanced
search
Visit other CBS Interactive sites