The cyber-crooks even offer one year's free support to those buying this version. Hackers who want to update Mpack with new exploits can buy them for between $50 and $150 per exploit.
The infection process starts with a hacker accessing a Web page and adding an iframe reference pointing to the server with Mpack installed. If a user then visits one of these pages, the iframe executes the Mpack index. This then searches for vulnerabilities on the user's computer. If it detects one, it downloads the corresponding exploit.
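For site owners, the injected iframe reference described above is something that can be checked for. The following audit script is an added example, not part of the original article: it lists iframes in a page whose source points to a host outside an approved list. The hostnames, the sample page, and the "hidden frame" heuristic (zero-size or invisible frames) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeAuditor(HTMLParser):
    """Collect iframes whose src points to a host not on the site's allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line number, host, looks_hidden)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative URL (same site) or an approved third party
        # Assumption: injected frames are often made invisible to the visitor.
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (
            a.get("width") in ("0", "1")
            or a.get("height") in ("0", "1")
            or "display:none" in style
            or "visibility:hidden" in style
        )
        self.findings.append((self.getpos()[0], host, hidden))


def audit(html, allowed_hosts):
    """Return findings for one page's HTML, in document order."""
    parser = IframeAuditor(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; all hostnames are placeholders.
SAMPLE = """<html><body>
<h1>Shop</h1>
<iframe src="/widgets/cart.html"></iframe>
<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://stats.invalid/index.php" width="0" height="0"></iframe>
<IFRAME SRC="//cdn.unknown.example/a" style="visibility: hidden"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for line, host, hidden in audit(SAMPLE, {"video.partner.example"}):
        print(f"line {line}: iframe to {host} (hidden={hidden})")
```

Run against the site's stored pages or templates on a schedule, a new finding that was absent from the last known-good copy indicates the page has been modified.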
The study confirms that there could be as many as 350,000 affected Web pages active at the moment.
The exploit, once it reaches a computer, is run and compiles data about the infected computer (browser, operating system, etc.). This information is then sent to and stored on a server. Forty-one servers receiving this data have been located. From these servers the cyber-crooks can generate statistics about the type of operating system or Web browser on affected systems or the number of infections in a given area.
Hackers use a number of techniques to get users to visit the pages, including sending spam, using trick domains (e.g. gookle instead of google), or infecting pages that already receive numerous visits.