Application security

‘Italian Job’ trojan infecting thousands of servers, end-users

A fast-moving, large-scale trojan attack using the MPACK web exploit toolkit has infected nearly 10,000 web pages, downloading malware on end-user's PCs, according to security researchers at Trend Micro and Websense.

Called the "Italian Job" by Trend Micro researchers because a majority of the infected pages are hosted in Italy, the trojan downloads a keylogger designed to steal banking and confidential information through a wide range of web-infection downloads.

avid Perry, global director of education for Trend Micro, said the infection vector "was built from a kit sold commercially in Russia."

The original attack came "from Hong Kong, [but the hackers] set up a server in San Francisco that relays to one in Chicago," said Perry. "The infected websites are taken over to the point where they're owned by whomever the hackers are."

According to Trend Micro, tens of thousands of unaware users have already accessed compromised web pages, infecting their systems with the trojan. The downloaded malware takes advantage of a vulnerability in so-called "iFrames" that are commonly used and exploited on websites.

Perry said the trojan is "an automated tool that looks for not just one but any number of vulnerabilities" on systems visiting the infected pages. The impacted web pages "have also been infected using vastly different methods, and not having our hands on the tool or automated process, we don't know what it's limited to," he added.

The fact that the perpetrators are stealing personal information points out that they "definitely have criminal intent," added Perry.

Trend Micro said it is working with the FBI to catch the perpetrators.

Get more IT security news. Click here for SC Magazine Blogs.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.