MPack Attacks Stealthier than Phishing Attempts

Finjan, the company that develops products for Web security, is warning computer users that the MPack toolkit used to develop malware is an easy means for criminals to steal bank account information without requiring users to visit phishing sites.

In July 2007, Finjan identified 58 incidences in which MPack toolkit was employed by criminals to successfully attack more than 500,000 individual users. The infection rate was 16% after 3.1 Million attacking attempts. This was evident from the voluminous flow of web traffic to infected sites.

According to Finjan's analysis, the MPack's crimeware captures bank account details comprising of username, password, social security number, credit card number and such information in a rather innovative manner. With this crimeware, hackers can commit theft of account information from many banks across the world while leaving no clue for tracking. The crimeware transmits the stolen data via an SSL, or Secure Communication Channel to escape detection.

The attack using MPack crimeware is more treacherous than previous kinds of phishing that required fraudulent websites. Since this type of attack succeeds just on the user's PC and is in an encrypted form, the attack detection becomes extremely hard, said Yuval Ben-Itzhak, chief technology officer at Finjan. ITPro published this in news on July 31, 2007.

When this crimeware infects a system, users will find no disturbance in the normal functioning on their machine and also no change in their online browsing. The crimeware has a rootkit nature that leaves no impact on the end user experience. To add to the problems, most of the well-known security products are still not able to detect the crimeware that the MPack toolkit downloads. This makes it so effective to infect computer systems.

The malware spreads via legitimate sites that in turn suffer a malware infection that injects iFrames on its home pages. Once this happens, the malicious code runs on the page thus infecting the user system, said Ben-Itzhak.

While the user relies on the supposed security of the site, the criminals manage to gather all the data they require to rob the innocent victim and carry out a criminal act.

Related article: MPack Discloses Stingy Web

» SPAMfighter News - 8/13/2007