Cross-site scripting is making the headlines more and more, with more sites becoming compromised and more people falling victim to those trying to exploit them. According to Websense, a newer XSS exploit called “Mpack” is now affecting 10,000 sites worldwide, with servers all over the world being responsible for hosting the code.
The “Mpack” attack relies on IFrames, placing them over legitimate websites, which might encourage people to trust the maliciously loaded content. From there, you'd have to allow installation of downloaded software. Mpack is written in PHP, and stores information in MySQL databases – obviously requiring considerable system compromise to make itself available. It isn't by any means a new exploit, being traced back as early as December of last year, according to Panda Labs.
However, the latest string of attacks shows a definite increase in its prevalence. It has several iterations of its own code for different browsers, though the article doesn't mention if the most current updated browsers are affected. Of course, only the Windows platform is vulnerable to actual infection. You can download a PDF detailing the exploit from Panda Software's site.