

Tue, Jun 19, 2007 8:12 pm

MPack Used to Compromise Thousands of Websites

I received a message from eWeek today titled "MPack Trojan Attack Claims 10,000 Web Sites", which stated that as many as ten thousand websites may have been infected with malware that directs visitors to those websites to other sites, where JavaScript code attempts to use a buffer overflow attack against vulnerable browsers to cause malware to be downloaded to the systems of those visitors. I would have liked to have more detail in the eWeek article about what web server software was vulnerable to the MPack attack and what browsers might be vulnerable, but it appears many reports on the problem are just being posted today. The eWeek article was the first I had heard about the problem, so I appreciate the heads-up, though.

I also found information from Symantec at "Italy Under Attack: Mpack Gang Strikes Again!", after reading the eWeek article. There is another Symantec article titled "MPack, Packed Full of Badness". I also located an ars technica article posted earlier today, "Security researchers uncover massive attack on Italian web sites", which had much more detail than the eWeek article.

According to that article, the MPack software being used on compromised web servers "provides would-be malware installers with a complete package that can be installed on any web server that runs PHP with an SQL database." So that sounds like it can be used against both Apache web server software running on a variety of platforms, including Linux and Windows, and Microsoft's IIS web server software, since PHP along with MySQL or Microsoft's own SQL Server software may be running on such systems. The article further states, "The compromised web sites attempt to use exploits in unpatched versions of Internet Explorer, QuickTime, Windows 2000, Firefox, WinZip, and Opera, in order to install malware packages on end users' computers."
