Author Topic: [SECURITY ISSUE] Do you run a phpBB forum??  (Read 1669 times)

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
[SECURITY ISSUE] Do you run a phpBB forum??
« on: March 18, 2008, 07:08:59 AM »
Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack..

Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages.

Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack.

Rather than attempt to exploit browser vulnerabilities, the attack attempts to trick a user into manually launching its malicious payload.

"This contrasts [Thursday’s] attack in that the vast majority of those were active server pages (.ASP)," explained McAfee researcher Craig Schmugar on a company blog posting.

"The ASP attacks are different than the phpBB ones in that the payload and method are quite different. Various exploits are used in the ASP attacks, where the phpBB ones rely on social engineering."

The infected pages bring up what appears to be a pornographic web site. Upon loading the page, a 'fake codec' social engineering attack is attempted. The user is told that in order to view the movie on the page, a special video codec must be installed.

The user then downloads a trojan program which installs a malware package on the users system then delivers a fraudulent error message telling the user that the supposed codec could not be installed.

Cameron

  • Global Moderator
  • Autococker
  • Posts: 2686
Re: [SECURITY ISSUE] Do you run a phpBB forum??
« Reply #1 on: March 18, 2008, 01:59:21 PM »
*Cameron just removed his phpBB forum.

Meh, didn't use it anyway, got replaced with the actual site.

sk89q

  • Global Moderator
  • Autococker
  • Posts: 1049
Re: [SECURITY ISSUE] Do you run a phpBB forum??
« Reply #2 on: March 18, 2008, 04:04:20 PM »
The keywords for phpBB here are social engineering.

Although the article is very vague.

KnacK

  • Global Moderator
  • Autococker
  • Posts: 3039
Re: [SECURITY ISSUE] Do you run a phpBB forum??
« Reply #3 on: March 18, 2008, 04:08:04 PM »
 I only posted this as several years ago a phpBB forum I ran was exploited.

Smokey

  • Autococker
  • Posts: 1172
Re: [SECURITY ISSUE] Do you run a phpBB forum??
« Reply #4 on: March 18, 2008, 06:52:21 PM »
I only posted this as several years ago a phpBB forum I ran was exploited.
phpbb = RFI heaven.

jitspoe

  • Administrator
  • Autococker
  • Posts: 18802
Re: [SECURITY ISSUE] Do you run a phpBB forum??
« Reply #5 on: March 19, 2008, 02:56:28 PM »
SMF > phpBB anyway.