Massive MPACK Compromise
MPACK is a tool that was first discovered in December of 2006 by Panda Labs. It's a PHP-based application designed to run on a server. It comes with several different exploits (you can buy new ones to add on), which can be used to compromise a user's system based on what they are running. There are different methods to get a user to access the compromised server. One of the more popular methods being used right now is an IFRAME: websites are compromised and IFRAMEs are placed on the sites pointing to the MPACK server. Another interesting characteristic of this tool is that it has a database backend. Right now Websense is reporting that there are over 10,000 compromised systems, all with IFRAMEs pointing to the MPACK server.
For more information:
WebSense - Shows chart of countries impacted
Panda Labs - Analysis of Current Attacks
Panda Labs - DETAILED REPORT (28 Pages - PDF)
McAfee Detection of MPACK hacking tool
MPack is a Web Attack Tool which we are seeing deployed in the wild on a few web servers. This tool is an application designed to serve malicious content to users accessing compromised websites. We have seen several thousand website URLs that are compromised and have a hidden IFRAME inserted to redirect unsuspecting users to a malicious site hosting the MPack toolkit. The toolkit stores statistical information like Geo Location, Browser Type and Operating System info relating to users accessing bait websites.