Mpack exploit affecting over 10,000 sites

By Justin Mann on June 18, 2007, 6:15 PM
Cross-site scripting is making the headlines more and more, with more sites becoming compromised and more people falling victim to those trying to exploit them. According to Websense, a newer XSS exploit called “Mpack” is now affecting 10,000 sites worldwide, with servers all over the world being responsible for hosting the code.

The “Mpack” attack relies on IFrames, placing them over legitimate websites, which might encourage people to trust the maliciously loaded content. From there, you'd have to allow installation of downloaded software. Mpack is written in PHP, and stores information in MySQL databases – obviously requiring considerably system compromise to make itself available. It isn't by any means a new exploit, being traced back as early as December of last year, according to Panda Labs.

However, the latest string of attacks shows a definite increase in its prevalence It has several iterations of its own code for different browsers, though the article doesn't mention if the most current updated browsers are affected. Of course, only the Windows platform is vulnerable to actual infection. You can download a PDF detailing the exploit from Panda Software's site.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.