Porn Sites Redirect Visitors to Servers Hosting Mpack Exploits
Hundreds of pornography sites are launching attacks on unwitting users via Mpack exploits. Mpack is the notorious hacker toolkit that was used to launch large volumes of attacks during the third week of June this year from a network of over 10,000 infected domains.
Trend Micro Inc. has detected nearly 200 porn domains, most of them hosting incestuous material, that were either under hackers' control or redirected surfers to servers facilitating Mpack exploits. Mpack is a professional tool: a collection of Russia-made exploits bundled with a management console.
The Mpack tool, put to use in Web-based attacks, had taken over 10,000 websites, mainly in Italy and other European regions, according to security researchers. That has been the largest recent Mpack attack, and it shows how sophisticated hackers and malicious software creators are succeeding in taking control of network security, the prime area in the fight against online crime.
Although the new attack involving porn sites uses far fewer sites than the 'Italian Job' assault, the criminals have infected double the number of PCs, Trend Micro said, as published by Computerworld on June 25, 2007.
The Mpack assault perhaps started on June 17, 2007. But Trend Micro is not certain whether the porn sites would be used to host iFrames after being compromised or whether they are hired to place iFrames in their pages, Computerworld reported on June 25, 2007.
Meanwhile, according to Symantec security analyst Amado Hidalgo, the gang of criminals using Mpack seems to be setting up an iFrame manager program to run the job on a bigger scale. Hidalgo said the tool was essentially an updater for FTP that uses MySQL on a backup data. With this, it routinely checks a huge list of sites in order to insert the malicious iFrame program into the free ones.
Trend Micro said most of the hacked websites seem to be hosted by the same ISP. Symantec added that some vulnerability or configuration at the ISP hosting level was likely responsible for the compromise of the sites.
» SPAMfighter News - 10-07-2007