R. Fink | Can't just forget about this cyberhit
The Packet Rat
Michael J. Bechetti
'Well, here we go,' the Rat mumbled as he worked his way through his morning threat report. 'Yet another reason to distrust Web 2.0.'
The whiskered one's worry lines were deepening because of a recent Trojan horse that has been sweeping across Web sites, infecting more than 10,000 sites with a stealthy malware downloader.
A large number of the sites affected thus far are in Italy and Spain, leading Trend Micro to dub the attack 'The Italian Job.'
Apparently a professional hit by hardened cybermobsters, the malware scare came on more abruptly than the end of the last 'Sopranos' episode, leaving site managers scrambling to figure out what had happened.
Although none of the Rat's sites has been attacked, he's concerned because the attack has affected a variety of entertainment, travel and music sites, the kinds of sites he's always trying to keep users from visiting from inside his network anyway.
A site that tries to collect money for Mother Teresa's charities and a Bon Jovi music site were among those compromised. 'Bon Jovi's site was attacked?' he agonized. 'Geez, how many Bon Jovi fans do I have? Dozens at least.'
The evil Web attack, which uses two already-patched Windows vulnerabilities, redirects users from the Web site they visited through two servers and attempts to download more nasty bits of software onto their systems, documenting for later exploits the vulnerabilities of each target system.
Although no major government sites were infected, the fact that more than 10,000 sites were taken over within a week has many Web watchers worried.
MPack, the Trojan in question, is written in the PHP scripting language and has been characterized as professional-quality software.
Some of the attacks have also involved typo-squatting, creating bogus sites that use frequent misspellings of site names to catch those with bad keyboarding skills.
MPack keeps meticulous track of the systems it infects. One of the 10,000 sites infected had compromised more than 10,000 clients before it was discovered.
Which leaves the Rat wondering: Where can he hire the guys who wrote this software?
'Heck, my own remote-client management software doesn't have this good a metrics package,' the cyberrodent sighed as he looked at screenshots of one infected server's secret console.
'Maybe if I cut a deal with these guys,' the Rat thought briefly, 'they can solve my Web VPN patch distribution problem for me, turning their powers to good instead of evil.'
But of course, there was the small issue of getting a group of allegedly Russian cybergangsters security clearances.