Hackers hijack a half-million sites in latest attack

OhioChick

(1000+ posts) Send PM | Profile | Ignore

Mon May-12-08 08:00 PM
Original message

Hackers hijack a half-million sites in latest attack

They're exploiting phpBB open-source forum software, says researcher

May 12, 2008 (Computerworld) More than half a million Web sites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users' PCs with a variety of malware, a security researcher said today.

"This is an ongoing campaign, with new domains popping up even this morning," said Paul Ferguson, a network architect at antivirus vendor Trend Micro Inc. "The domains are changing constantly."

According to Ferguson, over half a million legitimate Web sites have been hacked by today's mass-scale attack, only the latest in a string that goes back to at least January. All of the sites, he confirmed, are running "phpBB," an open-source message forum manager.

Ferguson didn't know how the sites were compromised; Trend Micro's investigation is in progress, he said. "We're not sure if it's improper configuration of phpBB or a vulnerability. Open-source applications like phpBB tend to be targeted quite a bit."

Visitors to a hacked site are redirected through a series of servers, some clearly compromised themselves, until the last in the chain is reached; that server then pings the PC for any one of several vulnerabilities, including bugs in both Microsoft's Internet Explorer and RealNetworks' RealPlayer media player. If any of the vulnerabilities is present, the PC is exploited and malware is downloaded to it.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9084991&intsrc=hm_list

Printer Friendly | Permalink | | Top

Tejas

(1000+ posts) Send PM | Profile | Ignore

Mon May-12-08 08:25 PM
Response to Original message

1. odd, no sites named

"According to Ferguson, over half a million legitimate Web sites have been hacked by today's mass-scale attack,"

1/2 million is a bunch, seems the author would have mentioned at least one that would be familiar.

Printer Friendly | Permalink | | Top

muriel_volestrangler

(1000+ posts) Send PM | Profile | Ignore

Tue May-13-08 05:52 AM
Response to Reply #1

2. The phpBB community forum has a post about this

Here: http://www.phpbb.com/community/viewtopic.php?f=6&t=953485

They list a couple of suspect URLs (with the 'http' changed to 'hxxp', to prevent any accidental loading of the dodgy JavaScript, I suppose). A Google search does indeed turn up a hundred thousand of hits for '"free.hostpinoy.info" phpBB', and many look like an attempt to inject JavaScript into any old forum (the 'script' tag appears in the web page title - I haven't tried going to any of those sites, just in case).

Printer Friendly | Permalink | | Top

Tejas

(1000+ posts) Send PM | Profile | Ignore

Tue May-13-08 08:56 PM
Response to Reply #2

3. appreciate that

I googled last night with all kinds of keywords and combos but besides the usual I came up empty.

*checks address box to make sure I'm at the DU (LOL!)

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Fri Apr 26th 2024, 12:50 AM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.