Forgot your password?
typodupeerror
Security

Malware Pulls an "Italian Job" 133

Posted by kdawson
from the blame-italy dept.
A number of readers sent us word about a malware attack that has been underway since Saturday that began with the compromise of more than 1,100 mostly Italian Web sites. Websense claims that more than 10,000 sites have been infected by now, 80% of them in Italy. There are indications that most of the Italian sites are resident at the same large Italian hosting provider. Trend Micro reports on the attack, which is launched from a malicious Iframe tag inserted into pages on compromised sites. For visitors to these sites, this begins a cascade of "drive-by" malware downloads if one of several targeted vulnerabilities is available and unpatched. The first page to which visitors are redirected by the Iframe hosts a recent version of Mpack attack software. Panda has a month-old report on Mpack (PDF) that provides copious detail about its nefarious ways.
This discussion has been archived. No new comments can be posted.

Malware Pulls an "Italian Job"

Comments Filter:
  • by siddesu (698447) on Monday June 18, 2007 @11:23PM (#19560471)
    you're right to an extent, but still, if you are a site owner, and if your site is making money for you (or if you are a site user, and are delivering benefits from the said site) little would you care if you're co-hosted or not. the days when putting up a site meant l33t skillz and buying a server seem long gone. the fact that sites are hosted on one server (and it may be a big server) doesn't make the problem smaller to the owners and the users.

    and, incidentally, imho software companies should be liable for trouble created by their software as the hosting companies are.
  • by Anonymous Coward on Tuesday June 19, 2007 @12:04AM (#19560793)
    and, incidentally, imho software companies should be liable for trouble created by their software as the hosting companies are.

    Never will happen.

    The software vendors cannot control what 3rd party software run with their software -- not even a pure 'monoculture' PC from the OS up.

    Hence the usual longwinded boilerplate EULAs that REALLY only say 3 things:

    1) Do redistribute our software.
    2) Do not reverse engineer our software.
    3) This software is "AS IS". Use it at your own risk. We are not responsible for anything that happens to your compuer when you use our software.
  • Insightful my ass...

    The day your favorite OS dominates the market, it'll be pwned, don't you worry. And I say this as 1) a Firefox fan, hoping that it never gets to be the majority browser for precisely that reason, and 2) a fan of all the OS's. I use Windows for my desktops, Linux for my servers, and Mac sometimes to play. They all have fans, and I don't feel the need to belittle any of them to make one of the others look better. It doesn't work that way.

    Hope I don't get modded down - I'm not so much flaming as ANTI-trolling if you catch what I"m trying to say. heh. :P
  • by Anonymous Coward on Tuesday June 19, 2007 @12:16AM (#19560879)
    Disclaimer: I am neither a Windows fan nor an Mac hater. I use Windows *nix almost equally.

    Everytime some vulnerability is found, someone shouts about not using Windows, especially these Apple lovers. Come on guys, can we stop this? These so called malwares target novice users, not Slashdot users. Tell me a single alternative your mom can use and I will take it. The so called alternatives are either too_expensive (suggest your mom to shell out 2K on Mac just_to_get_on_internet) or too_not_userfriendly. Why not stop beating the drum on Windows?
  • by Anonymous Coward on Tuesday June 19, 2007 @12:29AM (#19560957)
    "The day your favorite OS dominates the market, it'll be pwned, don't you worry."

    If market share is any indication to being pwned; then why isn't Apache attacked more that IIS? According to Netcraft Apache has 53.76% of the market compared to MS: 31.83%

    And I say this as 1) a Firefox fan, hoping that it never gets to be the majority browser for precisely that reason, and

    I personally only want FF have enough of the market; just enough to make companies follow the web standards: IE not catering to only one browser. Actually, the same applies to ODF; just enough to make companies not require a specific Office Suite.

    "2) a fan of all the OS's. I use Windows for my desktops, Linux for my servers, and Mac sometimes to play."
    Use what ever works for you.
  • by weicco (645927) on Tuesday June 19, 2007 @02:05AM (#19561611)

    Even simplier:

    1. Run Windows Update
  • by tinkertim (918832) * on Tuesday June 19, 2007 @02:42AM (#19561875) Homepage

    and, incidentally, imho software companies should be liable for trouble created by their software as the hosting companies are.

    There are many web hosting companies and some of them negate their responsibility to Internet users at large.

    The web hosting industry does not get much attention from free software developers. This is broadly because they want to insist that anything they spend money on develping not be usable by their competition. As such, no company (under the terms of the GPL) may make any developer sign any kind of non disclosure agreement for the purposes of receiving GPL code.

    The web hosting industry is stuck in a rut of its own design. It uses software that it can't modify to meet its real security needs because nothing exists free that has all of the working features that their customers demand.

    This is the problem, this will continue to be the problem for quite some time. Even if a free control panel and billing system were realsed that they find suitable it would only be after perhaps a couple years of development and testing.

    Sad, but true. The industry is making us all a victim of its success. It sells the use of GNU/Linux computers pocketing all profits and only giving back to companies that produce software that is not free.. totally against the tit-for-tat that made it such a lucrative market to begin with.

    You're right, but you left out some stuff. :) I'm part of that industry, but only one of very few people who speak out against the practice and remain able to eat and pay bills.
  • by fucksl4shd0t (630000) on Tuesday June 19, 2007 @04:07AM (#19562257) Homepage Journal

    Let's see, users are asked to use a commandline and they say "I've got no idea, how much do you charge?"

    --compared to--

    After a long series of condescending dialogs over what was otherwise a minor problem, the user has now unwittingly completely trashed his system. She's on the edge of a nervous breakdown and doesn't know who to trust, because her 4 calls to Microsoft tech support led her down 8 different blind alleys, and her friends have all told her to just reload, but make a backup first, and she's thinking "wtf do you mean, reload? And how am I supposed to do a backup?"

    Here in the linux world, I think it's perfectly ok to offer only an advanced UI for a task that expects the user performing it to have the necessary skills to do it, or the necessary time to learn the skills. The alternative we've all faced already, some friend/relative shows us a computer that's needlessly fucked because the OS lied to them, by both calling them an idiot and telling them it would fix it for them.

    Yes, for all tasks that a user reasonably is expected to perform, Linux does well, imo better than Windows. For more advanced sysadmin type stuff, it also does very well by presenting the user with the simple choice: learn how to do the task or find someone who knows how to do the task. Use Linux and you'll never need your prozac again.

  • How does using a different brand of computer make you a "douche"? I think it's the average mac user themselves who think that because they own a Mac they're superior. Actually, I think they thought that before they even got the Mac. I'm a recent switcher, 6 months now, and I don't think I'm any more of a douche than I was before. I'm not a hippy and I'm not artistic, I just like it because it's something I've never used before and it does just about everything I need to do and it's more stable/easier to use than Windows.

    And if nobody gave a shit about Macs, why does Apple have a bigger market share than Toshiba and currently has the same size market share as Gateway? Oh, and Apple's market share is growing every day much faster than either of those two companies.


    But maybe you're just a troll.

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman

Working...