MPack, the great hype generator

There has been a lot of hype around MPack. As a result consumers are asking anti-virus vendors if they detect it.

For the average consumer detecting MPack is of no value. MPack was reportedly found on over 10,000 web servers, however not a single visitor to those sites was infected with MPack. MPack is only a slingshot. You can put whatever you want in a slingshot and fire away. If NOD32 detects MPack on a web server and it isn’t your web server it does you no good. MPack isn’t what gets delivered to you. The visitor to an MPack afflicted server was potentially infected by lots of other malicious software.

The single best defense against MPack for the end user is keeping their operating system and applications patched. Anti-virus is a really good idea too, but if you had a current and fully patched system with default browser settings MPack isn’t really a problem for you. When I say fully patched system this includes not only the operating system, but all of your applications. Do you run Firefox? Opera? iTunes? Internet Explorer? An instant messaging program of any type? If you do not keep your system current then MPack is only one of numerous threats and not deserving of any special recognition. Worrying about MPack is like inspecting one tire on your car and driving off without caring about the other three.

If you own a web server and are worried about MPack then you don’t understand the problem. The problem is not MPack it is the security issue that allowed MPack to be installed. If MPack is there you are wide open to all manner of attack and MPack is only one of the potential attacks. There were several sites that removed MPack only to find it back again. This is because they only treated the symptom and not the cause. Weak passwords, compromised accounts, an unpatched vulnerabilities can all allow all kinds of unauthorized access to a server. All accounts on servers should have strong passwords that are changed regularly. This also goes for your home computer.

The big headline should not have been about the number of servers affected by MPack – the headline should have read “Over 10,000 Web Servers Found to Have Serious Security Problems”

MPack is the least of your concerns, what it may deliver is what you need to be protected against, and that can be any malicious program. I have heard no reports of a single user going to an MPack infected site and then getting infected with MPack. It’s not the point of MPack.

Randy Abrams
Director of Technical Education