As someone who speaks Italian, I frequent Italian web sites as one way to practice the language, and, as a result, find the recent Italian Job hack personally troubling.
The hack got its name from Trend Micro, which reported it yesterday. There are screen shots of an affected site with a sample of the malicious code embedded in an IFRAME tag.
The attack started from a network of at least 10,000 hacked web sites based in Europe. Visitors to the sites were redirected to servers hosting Mpack, a malware kit developed by Russian hackers. Mpack loads keystroke logging software that scouts the user's computer for user IDs and passwords for online banking web sites.
Details about Mpack can be found on Symantec's web site with more specific information about the Italian attack posted there, as well. Websense also issued an alert.
Ryan Naraine's Zero Day blog has more background information about the exploit.
What's interesting is that the root cause is compromised web servers at one of Italy's biggest ISPs. But no one has explained how those servers were compromised in the first place. If those servers hadn't been compromised, this attack would have been thwarted.
This story was also reported in Computer World and eWeek.
I returned last month from a two-week trip to Italy.