After cleaning several systems of Micro Bill over the past few weeks (including my own), it has become apparent that some systems are becoming infected not through the deliberate or accidental visitation of the porn sites that employ MBS as debt collectors, but through the deliberate infection of supposedly secure legitimate sites that many people use for reference, news and legitimate entertainment.
MBS has denied that their software is being used in this way, but a careful and comprehensive study of the search histories on the systems that I have cleaned reveals that malware may have been responsible for the insertion of Micro Bill's insidious software.
Although MBS can be quickly and easily cleaned from the system, the cost for the uninitiated can be expensive, with systems locked until cleaned.
It has now been found that the Russian-produced MPack is being used to infect these legitimate sites, with several thousand infections over the past few months.
MPack has an integrated statistics function which informs its operator of the number of PCs attacked and the success rate of infections. Version 0.9 of MPack includes exploits for the ANI vulnerability and vulnerabilities in the MDAC function, Windows Media Player, Microsoft Management Console, XML functions, WebViewFolderIcon, QuickTime and WinZip.
The starting point for some of the current attacks are websites located in Italy. The IFrames located on these web pages, which are needed for the attacks, were probably added during infiltration of the servers. The route is said to be a vulnerability in the hosting configuration application cPanel. Infiltration of a hosting server allows hundreds of websites to be compromised and manipulated simultaneously. In 2006 a vulnerability in cPanel was exploited for a mass hack at HostGator, as a result of which visitors were infected with a trojan via the VML vulnerability in Internet Explorer 6.
As soon as a victim visits a prepared web page, his browser loads additional code from the MPack server via the integrated IFrame.
After analysing the operating system and browser, the attack module tries out multiple exploits until it scores a hit - or runs out of exploits.
If it is successful, the server installs malware onto the PC.
iDefense does not state whether or not MPack is able to infect non-Windows systems. The source code for MPack certainly includes switches for other browsers, such as Firefox and Opera.
Currently MPack is only exploiting known vulnerabilities for which updates are available.
Unfortunately, when purchased, MPack comes with a 1-year subscription which includes updates that enable it to bypass new security patches almost as soon as they are released.
One of the prime results of infection appears to be redirection; these redirections include porn sites, including child pornography.
I would recommend that all surfers use great caution in allowing popups through, and take even greater caution when downloading ActiveX controls, even from legitimate websites.
Three main servers in China are currently a source of infection.
Much of the malware is dedicated to searching out financial/bank details on infected systems.
