Roy Schestowitz wrote:
> MPack It Up [Trojan]
>
> ,----[ Quote ]
> | We asked Microsoft to advise customers about the MPack Trojan, which is
> | loose on the Web and spreading. Here it is.
> |
> | First, recap: Trend Micro reported that the Trojan had infected as many
> | as 10,000 Websites, as of yesterday. Local PC infection can occur from
> | merely visiting one of the affected Websites.
> |
> | However, the infection is spreading.
> |
> | "The majority of these [infection] reports center on Websites being
> | hosted on servers in Italy but there are indications that Websites in
> | Germany, Brazil and Japan may also be impacted," a Microsoft
> | spokesperson explained in an e-mail responding to a Microsoft
> | Watch request.
> |
> | Microsoft is conducting its own investigation and, when
> | completed, the company "will take the appropriate action to
> | address this issue."
> `----
>
> http://www.microsoft-watch.com/content/security/mpack_it_up.html?kc=MWRSS02129TX1K0000535
>
MS do right to take time to look at this properly, but the only part that is
relevant to them is the payload, not the trojan.
It is the other side that is the main problem here, that hosts somehow let
their users' login/passwords get out onto the black market (that was the
suggestion) or that PHP sites are still being compromised, though I thought
that was taken care of, more an educational thing really, keeping secrets
out of the web-visible areas (true of all web programming, not just PHP),
and protecting areas of your web sites, particularly static pages.
Symantec say that their protected MS machines are already defended against
both parts of this trojan/payload. The description of "Mpack, Packed full
of badness" on the Symantec web site makes interesting reading though.