Sunday, March 8, 2009

MPack - A better explanation

I have mentioned MPack in past CCSP and CEH classes and given a brief description of how it works. I remembered seeing a video this morning and hunted it down again. This is useful for anyone out there who has managed a web server.

While MPack is no longer effective against fully patched systems, it's a great example of what current exploit "packs" contain and how they work.

MPack infection vectors are:

* Web Servers - A compromised web server has an IFrame injected into its pages; the frame silently loads the MPack exploit page in every visitor's browser.
* Spam - Social-engineering email that links to a legitimate but compromised website carrying that IFrame.
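As an added example (not code from the original post), here is a small scanner for the first vector above: it reads a page's raw HTML and reports IFrames with the traits an injected loader typically shows, namely zero or one-pixel size, hiding via CSS, or a src pointing at a raw IP address. The sample page is constructed for this example, and the size threshold and the raw-IP heuristic are my assumptions, not something the post specifies.

```python
import re
from urllib.parse import urlsplit

# Constructed sample page (not taken from the original post): one normal embed plus
# two injected frames of the kind the post describes, one zero-sized pointing at a
# raw IP and one hidden with CSS.
SAMPLE_PAGE = """<html><head><title>Shop</title></head>
<body>
<h1>Welcome</h1>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<iframe src="http://203.0.113.7/in.php" width=0 height=0 style="visibility:hidden"></iframe>
<IFRAME SRC='http://example.net/stat.cgi' style="display:none"></IFRAME>
</body></html>"""

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# name=value with double-quoted, single-quoted, or unquoted values
ATTR_RE = re.compile(r"""([A-Za-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_attrs(attr_text):
    """Return an IFrame's attributes as a lower-cased dict; unquoted values are handled."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        name = m.group(1).lower()
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[name] = value
    return attrs


def _dimension_is_tiny(value):
    """True for width/height values such as 0, "0px" or "1" (assumed threshold: <= 1 pixel)."""
    if value is None:
        return False
    m = re.match(r"^\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


def find_suspicious_iframes(page_html):
    """Scan raw HTML and return every IFrame that looks like an injected loader.

    Each finding is {"src": ..., "reasons": [...]}; a frame with no reasons is skipped.
    """
    findings = []
    for tag in IFRAME_RE.finditer(page_html):
        attrs = parse_attrs(tag.group(1))
        src = attrs.get("src", "")
        style = attrs.get("style", "").replace(" ", "").lower()
        reasons = []
        if _dimension_is_tiny(attrs.get("width")) or _dimension_is_tiny(attrs.get("height")):
            reasons.append("zero-size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-style")
        host = urlsplit(src).hostname or ""
        if IPV4_RE.match(host):
            reasons.append("ip-host")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_PAGE):
        print(finding["src"], "->", ", ".join(finding["reasons"]))
```

Run it over the files under a web root (or over pages fetched from your own site) after any suspected compromise; a legitimate embed such as the YouTube frame in the sample produces no finding, while the two injected frames are reported with the reasons that fired. The check is deliberately heuristic: kits also hide frames with off-screen positioning or obfuscated JavaScript that writes the IFrame at runtime, which a static regex will not see.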

What makes this piece of code successful is that it tries several client-side exploits in turn, so a visitor only needs to be missing one of the following patches:

* WinZip ActiveX overflow
* QuickTime overflow
* MS06-014 Microsoft Windows MDAC Vulnerability
* MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers
* MS06-044 Vulnerability in Microsoft Management Console
* MS06-071 Vulnerability in Microsoft XML Core Services
* MS06-057 Vulnerability in Windows Explorer
* MS07-017 Vulnerability in Windows Animated Cursor

