According to PandaLabs, about 160,000 computers are infected with the malicious code Mpack
24th May 2007
After the Mpack utility was detected by the free online scanner NanoScan beta, PandaLabs documented its ability to download malware onto computers by exploiting multiple vulnerabilities.
At least 10,000 web pages infect computers using this utility. Mpack is sold in online forums for $700. Its developers even offer updates that add support for new vulnerabilities.
An exploit detected by NanoScan led PandaLabs to uncover Mpack, a program used to download malicious software onto remote computers by exploiting numerous vulnerabilities. Mpack has already been used on several occasions. One of the versions to which PandaLabs gained access was used to infect 160,000 computers.
These figures were obtained from the application's statistics component. Besides counting infected computers, this page lets cyber-criminals track data on the hosts they attack and group hosts according to the installed operating system or browser. The page also displays the effectiveness of infection in different geographic regions.
This utility is sold in online forums for $700. With each version the developers offer a year of free support.
“Mpack contains functions that are commonly included in legal applications, for example client updates. Other versions of the application, which are in fact the exploits, act as updates. They are needed to use newly discovered vulnerabilities. Usually one update a month is released, and their cost ranges from $50 to $150,” explains Luis Corrons, technical director of PandaLabs.
What is more, customers are offered DreamDownloader for $300. This utility is designed to create downloader Trojans. It works as follows: a hacker gives DreamDownloader the URL that hosts the desired file (Trojan, worm, malware update, etc.), and the utility automatically generates an executable file that downloads it.
“The two tools are complementary. The first allows you to infect the user with the chosen malicious code. The second, in turn, allows you to create this code, which is also designed to download further malicious software,” adds Corrons.
Mpack attacks
Mpack infects silently. Cyber-criminals use several techniques to get the user to run the malicious file. In the case of web servers, they generally add an iframe-type reference at the end of the file that is loaded by default, which points to the page on which Mpack is installed.
Sometimes they use the same hacked site to host Mpack or other types of malicious software. They place malware on third-party servers to hide their tracks. In another infection technique, they seed web pages with particular words, usually ones that are often used in searches. As a result, those pages appear in search engine results, and users running those searches may well land on a site containing Mpack.
Another method of infection is the purchase of domains with names resembling those of well-known sites, for example gookle, which differs by only one letter from the name of the well-known search engine Google. Users who mistype a letter may become victims of the malicious code.
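As an added example (not part of the PandaLabs report), a defender can flag lookalike domains such as gookle in proxy or DNS logs by measuring the edit distance between each hostname's brand label and a watchlist of protected names. The watchlist, the function names and the sample hostnames are assumptions constructed for illustration, and the check goes beyond the one-letter substitution in the text to cover dropped, added and swapped letters.

```python
# Added example: flag hostnames whose brand label is within one edit
# of a protected name (the "gookle" vs "google" case from the article).

PROTECTED = {"google", "paypal", "microsoft"}  # hypothetical watchlist (assumption)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution
    and transposition of adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap, e.g. "googel" -> "google"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def brand_label(hostname: str) -> str:
    """Label just left of the TLD; assumes a single-label TLD such as .com."""
    parts = hostname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_lookalikes(hostnames, protected=PROTECTED, max_distance=1):
    """Return (hostname, brand, distance) for near misses; exact matches are skipped."""
    hits = []
    for host in hostnames:
        label = brand_label(host)
        if label in protected:
            continue  # the genuine domain, not a lookalike
        for brand in sorted(protected):
            d = osa_distance(label, brand)
            if 0 < d <= max_distance:
                hits.append((host, brand, d))
    return hits


# Constructed sample of hostnames as they might appear in a proxy log.
SAMPLE = ["www.google.com", "www.gookle.com", "gogle.com",
          "googel.com", "paypa1.com", "example.org"]

if __name__ == "__main__":
    for host, brand, d in find_lookalikes(SAMPLE):
        print(f"{host}: {d} edit(s) from {brand}")
```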
And finally, there is spam. The e-mail messages usually contain links, and social engineering methods are used to get recipients to follow them.
Immediately after reaching the computer, the code runs and collects data on the infected PC (browser, operating system, etc.). The information is then forwarded to a server where it is stored.
PandaLabs has published a detailed study of Mpack, which can be accessed at: http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/11/MPack.pdf
Any user who wishes to know whether their computer has been infected with this or other malicious code can use TotalScan or NanoScan beta, free online solutions available at: http://www.infectedornot.com