MPack Hacking Creates Italian Job Trojans
When I first heard of the “Italian Job”, I thought it was some kind of new sex activity. Unfortunately, it’s nothing that good. It’s the name Trend Micro has given to an internet threat which started to appear on Italian web sites recently. It’s not a new threat but it’s growing and getting a lot of press coverage this week.Trend Micro and others have identified the infection and how it works on thousands of web pages. What’s still unclear is how so many legitimate sites have had their top level pages hacked.
The source of the infection appears to have been created using a Russian based hacker tool kit called “MPack”. For under a thousand U.S. dollars, you can install MPack and using its control panel, anonymously monitor the success of your malware around the world. MPack version 0.92 also comes with a number of examples that can help you deploy keyloggers, remote bots and worms using a variety of known vulnerabilities in Windows.
While all the security companies have spent plenty of time analyzing how MPack works, nobody seems to know how so many legitimate website are getting hacked. It sounds like the security companies need to spend more time designing and selling products to Internet Service Providers than just the average consumers.
MPack has been used for a variety of reasons. Everything from capturing passwords from financial institutions to just increasing traffic to a hackers Google Adwords page.