COMPUTERS
June 18, 2007 1:31 PM PDT

Massive Web attack gains momentum

Posted by Robert Vamosi
  • Font size
  • Print
IFrame code

The IFrame code that leads to drive-by exploits.

(Credit: Trend Micro)

Over the weekend, thousands of legitimate English-language Italian Web sites fell victim to one line of code. Taking advantage of the trust the users have in the sites they visit, the malicious code silently redirects browsers via JavaScript to servers containing a variety of drive-by exploits. If the visiting computer is unpatched for a variety of operating system, browser, and specific application flaws, malicious code is downloaded. Once installed, the new software can then be used to steal personal information or enlist a compromised machine in attacks on other machines. According to security vendor Websense, the attack now affects over 10,000 Web sites worldwide, and that list continues to grow. According to Trend Micro, servers hosting some of the malicious code have been traced to Chicago, the San Francisco Bay Area, and Hong Kong.

Steps used by Mpack

Steps used by Mpack

(Credit: Trend Micro)
The attack, dubbed Mpack, uses cross-site scripting to place malicious IFrames on legitimate Web sites. IFrames are used by Web designers to open additional windows (often hosted on other sites) within a main Web page; IFrames can also be used by criminal hackers to redirect browsers to malicious-code sites. Trend Micro believes this latest attack was automated. Websense reports that the server where users are redirected includes a counter that shows large numbers of visitors from Italy, Spain, and the United States.

Fortunately, there are a number of variables here. First, you must accidentally happen upon a vulnerable site, then your computer must have one of several browser vulnerabilities present for the attack to take root. According to Trend Micro, the component that serves up the browser vulnerabilities is browser aware, able to infect your specific browser of choice. Assuming it can, the attack then downloads various Trojans designed to steal personal information.

To prevent such an attack, Trend Micro urges everyone to be aware of sites requiring software installation; do not allow software installation unless you trust the site and the provider of the software. Keep your PC software fully patched and be sure your antivirus protection is updating properly. And, of course, be wary of any unexpected e-mail and e-mail attachments.

For more on this specific attack, antivirus vendor Panda has prepared a 28-page PDF that provides granular detail.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security

Tags:

security,

iframe,

WebSense,

Trend Micro,

Panda

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Was InfoWorld's CTO of the Year award a year late?
VMWare VI4 renamed to vSphere
Red Hat's new support product demonstrates subscription value
Teen listens to iPod during brain tumor removal
NASA, Google Maps track Southern California wildfires
Sprint first to offer HTC Touch Pro
Flipping out: RIM BlackBerry Pearl Flip 8220 debuts
Sprint HTC Touch Diamond outed early
Add a Comment (Log in or register) 9 comments
Haven't beat the record
by qwerty75 June 18, 2007 2:49 PM PDT
For most damage from one line.

That "honor" belongs to MS, with the sasser worm taking advantage of one line of code that took MS 188 days to fix.
Reply to this comment
Not on Macs
by MaLvaDo39 June 18, 2007 3:08 PM PDT
When will the Windows users finally wake up?

You have the Stockholm syndrome!
Reply to this comment
When will Mac users
by Lindy01 June 18, 2007 7:06 PM PDT
give up?

So if you have auto updates turned on your fine. You would not even need AV software....just auto updates.

Add in AV software that is up to date...throw in Vista with UAC and that is just another layer.

You have to be stupid....flat out stupid these days to get hit by this.

True is wont hurt a Mac....but that is because these A-holes want to get the most bang for the buck....and they did not want to waste their time on something that has less than 5% market share.
View reply
Children...Children!!!
by Kings X Rocks! June 19, 2007 4:51 AM PDT
We who use Windows to earn money to support our families (because our company mandates this OS) are very sorry that an interesting article about a clever, but dastardly, exploit struck such a nerve with OS-X users!!

Rather than starting up the old I-am-part-of-the-religion-of-Apple CRAP, why not talk about psycology of the exploit writers? Or the things that ISPs could possibly do the help trim out this stuff. Or, the theory of fuel-injection...

It'd be more interesting than your wanting so-o-o-o hard to be and I told you so!
advertisement

In the news now

Apple: DRM-free tunes, unibody MacBook Pro

roundup At Macworld, Phil Schiller touts 10 million songs sans DRM, plus 69-cent songs, a unibody 17-inch notebook, iLife updates, and more.


Countdown to CES

special coverage The tech community descends on Las Vegas as the Consumer Electronics Show gets ready to kick off in all its gadgety glory.


About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

News Blog topics

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Site map
Latest news
Business tech
Green tech
Wireless
Security
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
CNET Widgets
About CNET