MBR Rootkit: follow up

I add a short follow up to the previous blog post about MBR Rootkit.

Most of the websites we have been monitoring that spread the MBR rootkit are using iframe code in compromised webpages, a widely known attack vector that has become widespread over the last few years.

We've seen that one of the most widely exposed countries to this attack is Italy, where these malicious pages are already seen on compromised web sites.