Today I have come across a server hosting an Mpack that has 292 different websites with iframes that make reference to it.

Most of the infected users are Italian, as in the case we explained a month ago. You can check the information by following this link:

But, the most curious thing is that after analyzing the range of the IP addresses, we have seen that the websites are hosted in the same Italian provider as in the other case.

The version of this Mpack is 0.91. However, the latest version we have found is 0.94.