Tuesday, June 19, 2007

The Italian Job Hack

As someone who speaks Italian, I frequent Italian web sites as one way to practice the language, and, as a result, find the recent Italian Job hack personally troubling.

The hack got its name from Trend Micro, which reported it yesterday. There are screen shots of an affected site with a sample of the malicious code embedded in an IFRAME tag.

The attack started from a network of at least 10,000 hacked web sites based in Europe. Visitors to the sites were redirected to servers hosting Mpack, a malware kit developed by Russian hackers. Mpack loads keystroke logging software that scouts the user's computer for user IDs and passwords for online banking web sites.

Details about Mpack can be found on Symantec's web site with more specific information about the Italian attack posted there, as well. Websense also issued an alert.

Ryan Naraine's Zero Day blog has more background information about the exploit.

What's interesting is that the root cause is compromised web servers at one of Italy's biggest ISPs. But no one has explained how those servers were compromised in the first place. If those servers hadn't been compromised, this attack would have been thwarted.

This story was also reported in Computer World and eWeek.

I returned last month from a two-week trip to Italy.

