
Mpack Hacking Tool Used In Large Scale Web Attack



#1 harrywaldron


Posted 19 June 2007 - 12:08 PM

Numerous web site attacks have occurred, particularly in Europe. Web site administrators should ensure their security and infrastructure software is up-to-date and lock down PHP security appropriately.

Massive MPACK Compromise
http://isc.sans.org/diary.html?storyid=2991

MPACK is a tool that was first discovered in December of 2006 by Panda Labs. It's a PHP-based application designed to run on a server. With it comes several different exploits (you can buy new ones to add on) which can be used to compromise a user's system based on what they are running. There are different methods to get a user to access the compromised server. One of the more popular methods being used right now is an IFRAME. Websites are compromised and IFRAMES are placed on the sites pointing to the MPACK server. Another interesting characteristic of this tool is the fact it has a database backend. Right now it's being reported by Websense that there are over 10,000 compromised systems all with IFRAMES pointing to the MPACK server.


For more information:

WebSense - Shows chart of countries impacted
http://www.websense.com/securitylabs/alert...php?AlertID=782

Panda Labs - Analysis of Current Attacks
http://blogs.pandasoftware.com/blogs/panda...ered_2100_.aspx

Panda Labs - DETAILED REPORT (28 Pages - PDF)
http://blogs.pandasoftware.com/blogs/image...05/11/MPack.pdf

McAfee Detection of MPACK hacking tool
http://secunia.com/virus_information/39351/htool-mpack/
http://vil.nai.com/vil/content/v_142501.htm

MPack is a Web Attack Tool which we are seeing deployed in the wild on a few web servers. This tool is an application designed to serve malicious content to users accessing compromised websites. We have seen several thousands of website URLs that are compromised and have a hidden IFRAME inserted to redirect unsuspecting users to a malicious site hosting the MPack toolkit. The toolkit stores statistical information like Geo Location, Browser Type and Operating System info relating to users accessing bait websites.
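
Added example, not part of the original post or the advisories it quotes: a site administrator's check for the injection pattern described above, flagging iframes that are both invisible and loaded from a host other than the site's own. The function names, the hiding heuristics, and the sample page with its `www.example`, `video.example` and `kit.invalid` hosts are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that make an element invisible (heuristic, not exhaustive).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)
TINY = re.compile(r"[01](?:px)?", re.I)  # width/height attribute of 0 or 1


class IframeFinder(HTMLParser):
    """Records iframes that are invisible and loaded from another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lower-cases tag and attribute names
            return
        a = {name: (value or "") for name, value in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host != self.site_host
        tiny = any(TINY.fullmatch(a.get(d, "").strip()) for d in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if external and hidden:
            self.findings.append((self.getpos()[0], a["src"]))


def find_hidden_external_iframes(html, site_host):
    """Return (line number, src) for each hidden iframe pointing off-site."""
    finder = IframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a visible embed, a hidden same-site frame, and two
# hidden frames pointing at a placeholder host (lines 5 and 6).
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="/tracking/frame.html" style="display:none"></iframe>
<IFRAME SRC="http://kit.invalid/index.php" WIDTH=0 HEIGHT=0></IFRAME>
<iframe src="//kit.invalid/x.php" style="visibility: hidden"></iframe>
</body></html>"""
```

Run over the served pages or templates of a site and compared against a known-good copy, any hit that the site's own developers did not add is worth investigating as a sign of compromise.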


