Online criminals have launched a widespread web attack that has turned tens of thousands of legitimate websites into weapons, security vendors said Monday.
Although attackers have hit targets around the world lately, more than 80% of the infections are on Italian websites, said David Perry, global director of education with Trend Micro. "Almost all of the websites we saw this weekend were in Italy; we were referring to it as 'Italian Job 3,' in-house," he said referring to the Michael Caine heist film that was remade in 2003.
Most of the infected websites are legitimate, Perry added. "These aren't porn sites, they aren't gambling sites; they are hotels, fish-and-tackle sites, tourist information," he said.
Even local Italian government websites have been infected, and most of the affected sites are hosted by one of Italy's largest web service providers, Trend Micro said.
The US Federal Bureau of Investigation is investigating the matter, according to Perry. "This is an absolutely criminal activity," he said. "They're attaching keyloggers to many thousands of people's computers without their consent."
Infected sites contain a short piece of HTML "iFrame" code that redirects the victim's web browser to a server that attempts to infect the victim's computer using a tool called "MPack."
MPack can launch a variety of different attacks against the victim's PC, depending on which browser and operating system is running. It exploits a number of well-known bugs that have already been patched, meaning it is dangerous to people who are not running an updated version of their browser, Perry said. "If they have a browser that hasn't been patched, their machine is going to be compromised."
The malware can be used to attack Internet Explorer, Firefox and even the Opera browser.
MPack installs a keylogger and a Trojan downloader programme on compromised PCs so that the attackers can monitor the victim's activity and run other unauthorised programmes on the computer. "They can turn your computer into anything they want," Perry said.
While the technique these criminals are using to infect PCs isn't new, "an attack on this scale is notable for both its ambition and the coordination involved in pulling something like this off," said Chris Boyd, a researcher at FaceTime Communications. "Users should ensure they're fully patched, as the hackers are relying on you running exploitable systems to gain entry into your PC."