A malware distribution and attack kit sold commercially through underground channels on the Internet has compromised hundreds of thousands of systems in the past six months, including an epidemic of infections that hit Italian Web servers this past weekend, according to security and antivirus firms.
Known as Mpack, the kit consists of commercial-grade software components written in the PHP Web programming language and apparently sold by a group of Russian programmers. The software, which comes with a year of support, was first mentioned in an analysis penned by antivirus firm Panda Software. In mid-May, Panda stated that the software had compromised at least 160,000 computers.
"Mpack offers the type of features you would expect from a legal application," Luis Corrons, technical director of PandaLabs, said in a previous statement. "For example, client updates. These updates, effectively different versions of the application, are actually the exploits needed to take advantage of the latest vulnerabilities discovered."
The kit uses techniques similar to those of previous attacks, in which legitimate Web sites that have been compromised redirect visitors to malicious download sites. The software uses HTTP header information to send exploits that target the victim's specific browser, according to an analysis by security firm Symantec, the owner of SecurityFocus.
The software garnered attention this past weekend because a number of compromised Web sites in Italy redirected visitors to malicious sites running Mpack, according to antivirus firm Trend Micro.
The Mpack kit sells for anywhere between $700 and $1,000.
Posted by: Robert Lemos