MPack malware more dangerous than phishing attacks

Postby totedati » Fri Aug 03, 2007 21:35

The company is calling this new form of thievery "crimeware," as if we needed another term to keep straight, but it's nasty stuff. In just the month of July, Finjan identified 58 criminals using the MPack toolkit to infect over 500,000 unique users.


http://www.aspnews.com/news/article.php/3691631
http://www.itpro.co.uk/news/121437/mpack-malware-more-dangerous-than-phishing-attacks.html

Thanks to Bill Gates and his crappy OS, it is real, dangerous, and I suspect is GPL'ed :shock:

winxp = a malware virus
vista = a DRM virus

Keep up the good work, Bill ... forever .....
linux is free, the expertise to harness it is not!
you don't make so much money selling open source software!
You make MORE money USING it, just like google!
linux registered user #352479
totedati
Technological Hen
 
Posts: 417
Joined: Thu Jan 11, 2007 0:24
Location: Sibiu, Romania

Postby zouzou85 » Fri Aug 03, 2007 23:28

I am not sure I got it right, but from what I understand, the MPack malware is based on PHP, which is open source and has nothing to do with M$ or billy. But it is indeed a very efficient malware, it seems.
Please correct me if I am wrong, anyone?
Ignorance is not shameful. Arrogantly ignoring and denying your ignorance is.
All men are capable of learning, except two: The Arrogant and The Shy.
zouzou85
Growing Hen
 
Posts: 104
Joined: Tue Mar 27, 2007 5:12
Location: West Coast, North Africa, South America

Postby totedati » Fri Aug 03, 2007 23:51

It is true, it is all web server based, and this means that Linux users can be affected also .... Maybe I am a bit too biased about Bill's guilt here ... but he has a consistent contribution to this muddy situation ...

Also, I am very curious whether the compromised web servers are only IIS, or whether Apache-powered ones can be in danger also. But as you correctly pointed out, PHP is cross-platform. But it IS REAL, and very dangerous in how it is used. Our only line of defense against this danger is our beloved Firefox, Opera or Konqueror web browser ... Is any of them vulnerable to any form of iframe exploit? Or are iframe exploits only used with Windows + IE!? I am not technically savvy enough to know for sure right now ... But I will try to read, read here, google more and learn ...

Me, for example, I'm using the Firefox web browser to pay my home utilities using only internet banking technology. Also, my first donation to Sabayon Linux using Moneybookers was done using only internet technology. It is a good thing to stay relaxed in your home and move money around the world, but sometimes all these things can be dangerous ....

Postby totedati » Sat Aug 04, 2007 1:05

Here
http://www.symantec.com/enterprise/security_response/weblog/2007/05/mpack_packed_full_of_badness.html
is a more complete description of how it is working .... added later ... a very good description ...

All very professional, indeed .... and it looks like it is made for Bill's beloved micro$1t OS only ... How long will it take to build a Linux-specific exploit also?

For some time I have seen a move to use the power of collaborative work, like all GPL software projects use, to make this type of thing: an automated virus generator, where each virus is only a plugin in a more coherent infrastructure ... and now this! Scary indeed ...

Postby zouzou85 » Sat Aug 04, 2007 17:34

I honestly don't see anything specific to the M$ windoze operating system. The article doesn't mention Windows at all, it just makes a reference to an .exe file which the MPack kit would download. And that is only if your OS is Windows. If you run a different OS, the MPack kit will download a .php file. This means that even Linux users are at risk.
Looking at the statistics provided in the article, you will find that the majority of the victimized users are using Windows XP and the Windows-provided Internet Explorer, but that's only because the majority of computer users run Windows XP.
Therefore, Linux users should be just as worried and careful.
Again, correct me if I am wrong.

Postby totedati » Sun Aug 05, 2007 7:38

zouzou85 wrote: again, correct me if I am wrong.


No, you are not wrong. This is why I am so worried. Here no firewall setup can help you. The attack vector is HTTP port 80. Your only line of defense is your web browser. As you can see from Secunia reports, all of them have problems handling malicious web pages: Firefox, Opera, Mozilla, Safari, IE, Konqueror etc. All have problems, and can be used to carry a hidden payload. What I don't know is whether iframe-type exploits are Windows-specific or not. It is important that the iframe exploit is inserted into the server's web page!

And what I understand is that in the middle of a usual credit card payment, like a normal one, the malicious web page, constructed on the fly, asks you for your credit card PIN number. DON'T TELL YOUR CREDIT CARD PIN NUMBER TO ANYONE!!! It is not needed for a normal internet payment transaction. If you do that, correlated with other credit card info, the robbers can clone your card and in a split second it is empty ...
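Added example, not part of the original thread: the post above stresses that the iframe is inserted into the server's own web page, so a site owner can audit the HTML the server actually sends. The sketch assumes an injected frame is hidden or loads from a different host; `IframeAudit`, `audit_page` and the sample hosts are hypothetical names constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption (not stated in the thread): an injected frame is usually made
# invisible and usually loads from a host other than the site's own.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class IframeAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # entries are (line, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        reasons = []
        # Relative URLs have no hostname and count as same-site.
        host = (urlparse(src).hostname or "").lower()
        if host and host != self.site_host:
            reasons.append("different host")
        if a.get("width", "").lower() in TINY or a.get("height", "").lower() in TINY:
            reasons.append("zero-size frame")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))

def audit_page(html, site_host):
    """Return every iframe in html that deserves a manual look."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the hosts are placeholders, not real indicators.
SAMPLE = """<html><body>
<iframe src="/help/chat.html" width="300" height="200"></iframe>
<iframe src="http://injected.example/index.php" width="0" height="0"></iframe>
<iframe src="http://cdn.shop.example/ad.html" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in audit_page(SAMPLE, "www.shop.example"):
        print(f"line {line}: {src} -> {', '.join(reasons)}")
```

A finding is a prompt to compare the page against a known-good copy, not proof of compromise: legitimate widgets also use hidden or third-party frames.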

Postby zouzou85 » Mon Aug 06, 2007 3:17

Well, for me now, until more reports come out on this MPack malware describing how it precisely works and how it could be avoided, I will be going to my bank to sort out transactions. I know some of you will be thinking that I am paranoid, but I live about 1 mile from my bank, so a walk would be healthy. ;)
But for internet transactions, I'll be using just PayPal, and I will be keeping a close eye on it too.
But that's just me, :P
And if anybody has any suggestions, please throw them out here.