Prepare to face MPACK
Derek Melber
If you think that running Windows Vista with the latest anti-virus software, constantly applied updates and a locked-down Internet Explorer or Firefox is enough to keep you safe on the Internet, you are mistaken. In this article we introduce a new attack technique being used on the Internet today. This attack comes from the MPACK kit and originates from attackers outside the United States. There are many ways to protect yourself, but if you do not act, you will most likely be attacked and compromised by the MPACK kit.
In computer security, MPACK is a PHP-based malware kit created by a group of Russian hackers. The first version was released in December 2006. Since then, a new version has been released almost every month. This malicious software has been used to infect up to 160,000 computers. In August 2007, it was suspected of having been used in the attack on an Indian bank's website.
The substance of the problem
A group of Russian hackers developed the toolkit in 2006 and are selling it for $300 to $1000. The toolkit is easy to use and comes with another tool called DreamDownloader (see Figure 1), which is used to create downloaders and is usually sold with MPACK.
To use DreamDownloader, the attacker enters the URL of the file they want downloaded, and the tool creates an executable file that performs that task.
Figure 1: DreamDownloader is used in conjunction with the MPACK toolkit
The problem here is that these tools are used in combination to change web pages on popular websites. The changed web pages contain new Iframe entries. The new Iframe entry is as short as it is effective; an example is shown below:
The content below is from the website http://example.com:
This entry forwards the browser to another site once the current page has loaded. If the antivirus software is not up to date, this malicious script cannot be detected. The last stop in the redirection is the PHP server that runs the MPACK tool.
The server running the MPACK toolkit has to be a very smart server, because it must determine what the target computer is running in order to attack it. The target computer browsing the website is evaluated for its operating system and browser; once that is done, specific files are chosen and downloaded to the target computer. These files, typically rootkits or keystroke loggers, can be installed without the user knowing. At this point the target computer is compromised, and it is difficult to detect that anything has happened. This link gives you more details about a typical attack scenario.
Hackers will exploit these weaknesses with iFrame Manager to keep connecting to the compromised web server, as shown in Figure 2. This means that even after the website has been fixed, it can still be infected again by a hacker using this manager at some later point. The only way to avoid this problem is to change the password associated with the FTP server user. (For more information about iFrame Manager, see the video at the end of the article.)
Figure 2: FTP manager
How you can be affected
Whenever your computer browses the Internet, you are exposed to risk. This attack may appear on any page that has been hacked. You simply connect to a website, maybe even a page you have used for years. If this page is infected, you may not know it unless you run anti-spyware, anti-virus, or other appropriate tools.
This attack is indeed dangerous, and it can hit you very easily! If you ignore the normal security practices that are repeated in so many security documents, you can end up on the list of the compromised. Abandoning good security practices is the most dangerous thing you can do, because it lets MPACK infect you.
The problem is that even if you keep up to date with the latest versions of antivirus software, you may still be at risk. This is because MPACK is constantly being updated. It is currently at version v0.84. The MPACK maker ensures that no virus scanner can detect new versions.
However, you also need to run traditional software or configure Windows workstations to detect these dangerous actions. This is done automatically in Windows Vista when UAC is enabled. You also need to run a firewall, both at the perimeter and locally on the workstation. If you do not take precautions, you are open to attack by the MPACK kit.
How to avoid infection or isolate MPACK
We want to provide some important tips and configurations to help you fight MPACK. If you take these security methods and behaviors into account and implement them properly, you can avoid MPACK and protect your computer.
This is a list of actions you should perform on your computer to protect it against the MPACK kit. These actions will also protect against any exploits that reach you through email or on the Internet.
• Run Windows Vista with User Account Control enabled.
• Install the latest service packs for operating systems, browsers and other Internet-related applications when they are provided.
• Install good anti-virus software.
• Continuously update the virus database files.
• Do not log on as an administrator or with administrator rights.
• Do not elevate Internet-related applications to run with administrative rights.
• Do not allow applications to run from IE unless you have a clear understanding of what is being done.
• Be aware of where your browser is going: the lower left part of the browser window displays the URL you are connecting to.
• Check the URL of every link on a page before you click it (hovering over the link will show you the URL).
After taking these steps, you can feel more assured against the types of exploits that try to infect the computer. There is indeed no golden formula. You must take a proactive approach to security on the Internet. Because attackers and hackers are becoming increasingly fast and sophisticated, keeping up with them is an extremely difficult task, but one we have to take on.
Conclusion
So how safe are you from MPACK? The answer is the same as for all the malicious viruses, malware, adware and Trojans that have confronted the IT community in recent years. Be smart when you surf the web, and don't open emails you don't feel confident about. However, MPACK is a bit different: it can adjust its attack on a given website. But if you have set up the operating system features appropriately (UAC and the Vista firewall), you will receive notification of the behavior before being infected. Take precautions and activate the best security technology to protect yourself.