June 18, 2007 1:31 PM PDT

Massive Web attack gains momentum

by Robert Vamosi

The IFrame code that leads to drive-by exploits.

(Credit: Trend Micro)

Over the weekend, thousands of legitimate English-language Italian Web sites fell victim to one line of code. Taking advantage of the trust the users have in the sites they visit, the malicious code silently redirects browsers via JavaScript to servers containing a variety of drive-by exploits. If the visiting computer is unpatched for a variety of operating system, browser, and specific application flaws, malicious code is downloaded. Once installed, the new software can then be used to steal personal information or enlist a compromised machine in attacks on other machines. According to security vendor Websense, the attack now affects over 10,000 Web sites worldwide, and that list continues to grow. According to Trend Micro, servers hosting some of the malicious code have been traced to Chicago, the San Francisco Bay Area, and Hong Kong.

Steps used by Mpack

(Credit: Trend Micro)

The attack, dubbed Mpack, uses cross-site scripting to place malicious IFrames on legitimate Web sites. IFrames are used by Web designers to open additional windows (often hosted on other sites) within a main Web page; IFrames can also be used by criminal hackers to redirect browsers to malicious-code sites. Trend Micro believes this latest attack was automated. Websense reports that the server where users are redirected includes a counter that shows large numbers of visitors from Italy, Spain, and the United States.
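
A site owner's check for the kind of injected IFrame described above, as an added example that is not from the article or from Trend Micro: it flags frames that load another host and are invisible to the visitor. The invisibility heuristic, the sample page, and its hostnames are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: one same-site frame, one visible third-party
# embed, and one invisible off-site frame of the kind described above.
SAMPLE_HTML = """
<html><body>
<h1>Hotel listings</h1>
<iframe src="/widgets/booking.html" width="400" height="300"></iframe>
<iframe src="https://maps.partner.example/embed" width="600" height="450"></iframe>
<iframe src="http://redirector.invalid/in.php" width=0 height=0 style="visibility: hidden"></iframe>
</body></html>
"""


class IframeAuditor(HTMLParser):
    """Collects iframes that load another host and are invisible to the visitor."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative src values against the page before comparing hosts.
        target = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(target).hostname
        off_site = host is not None and host != self.page_host
        # Heuristic (assumption): zero/one-pixel size or a hiding style.
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1") for d in ("width", "height"))
        style = a.get("style", "").replace(" ", "").lower()
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        if off_site and hidden:
            self.findings.append((self.getpos()[0], target))


def audit(html, page_url):
    auditor = IframeAuditor(page_url)
    auditor.feed(html)
    return auditor.findings


if __name__ == "__main__":
    for line, url in audit(SAMPLE_HTML, "https://www.hotel.example/index.html"):
        print(f"line {line}: hidden off-site iframe -> {url}")
```

Visible third-party embeds and same-site frames are deliberately not reported, so a finding means the page source should be compared against a known-good copy.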

Fortunately, there are a number of variables here. First, you must accidentally happen upon a vulnerable site, then your computer must have one of several browser vulnerabilities present for the attack to take root. According to Trend Micro, the component that serves up the browser vulnerabilities is browser aware, able to infect your specific browser of choice. Assuming it can, the attack then downloads various Trojans designed to steal personal information.

To prevent such an attack, Trend Micro urges everyone to be aware of sites requiring software installation; do not allow software installation unless you trust the site and the provider of the software. Keep your PC software fully patched and be sure your antivirus protection is updating properly. And, of course, be wary of any unexpected e-mail and e-mail attachments.

For more on this specific attack, antivirus vendor Panda has prepared a 28-page PDF that provides granular detail.

Originally posted at News Blog
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Haven't beat the record
by qwerty75 June 18, 2007 2:49 PM PDT
For most damage from one line.

That "honor" belongs to MS, with the Sasser worm taking advantage of one line of code that took MS 188 days to fix.
Not on Macs
by MaLvaDo39 June 18, 2007 3:08 PM PDT
When will the Windows users finally wake up?

You have the Stockholm syndrome!
When will Mac users
by Lindy01 June 18, 2007 7:06 PM PDT
give up?

So if you have auto updates turned on you're fine. You would not even need AV software....just auto updates.

Add in AV software that is up to date...throw in Vista with UAC and that is just another layer.

You have to be stupid....flat out stupid these days to get hit by this.

True, it won't hurt a Mac....but that is because these A-holes want to get the most bang for the buck....and they did not want to waste their time on something that has less than 5% market share.
Children...Children!!!
by Kings X Rocks! June 19, 2007 4:51 AM PDT
We who use Windows to earn money to support our families (because our company mandates this OS) are very sorry that an interesting article about a clever, but dastardly, exploit struck such a nerve with OS-X users!!

Rather than starting up the old I-am-part-of-the-religion-of-Apple CRAP, why not talk about psychology of the exploit writers? Or the things that ISPs could possibly do to help trim out this stuff. Or, the theory of fuel-injection...

It'd be more interesting than your wanting so-o-o-o hard to be an I told you so!