Trend Micro says a large-scale security attack could be about to launch on the web after its researchers spotted a Russian server loaded with more than 400 different pieces of malware.

Chenghuai Lu, a senior threat analyst at Trend Micro, has uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harboured malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult websites.

Meanwhile, another Trend Micro researcher, senior software engineer Feike Hacquebord, has discovered a large number of Italian-language websites that at first glance appeared to be compromised with malicious IFRAMEs, inserts in the HTML coding of a page, often JavaScript, that can hijack a PC whose browser visits the site. On second look, however, the Italian-style sites do not appear to have been hacked but instead were created with the IFRAMEs in mind. According to Trend Micro, the IFRAMES point to the malware-packed Russian site found by Lu.

"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," said Carolyn Guevarra, yet another researcher, on the Trend's team blog. "We have just seen these cybercriminals pull the 'Italian Job' recently," she added. "Are we now seeing a 'Russian Uprising' coming our way?"

Guevarra's Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.

Trend Micro has blocked the malicious websites for its customers and is working to develop more information on the possible attack plot. "More details soon," Guevarra promised.