Symantec is reporting a widespread Web-based attack underway that is believed to have affected over 10,000 computers so far. As of the time of the report, 788 Web sites were known to be spreading the attack. Some of the sites appear designed specifically for the attack and others are legitimate sites that have been compromised in order to spread it.

The attack uses the MPack exploit tool kit, which is an easy-to-use kit that allows the designer to specify an executable to be run on compromised computers. The kit attempts to use a wide variety of client-side vulnerabilities in order to attack the client PC and run the executable. All of the vulnerabilities have already been patched by various vendors. Vulnerabilities involving QuickTime, WinZip and, of course, Microsoft Windows, are employed by the kit.

Symantec has raised its ThreatCon level, which measures the general level of threat on the Internet, from 1 to 2, which calls for increased alertness. In the short term, all of the actual exploitation comes from two IP addresses — 81.177.8.30 and 203.121.71.183 — and it should be sufficient protection to block those two addresses at the gateway.