May 12th, 2008

Half-Million Sites Mostly Running PHPBB Forum Software Hacked In Latest Attack

More than half a million websites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users’ PCs with a variety of trojans. This ongoing campaign includes new malware-hosting domains and new trojan variations. All of the sites are running older or misconfigured versions of “phpBB,” an open-source message forum manager. Popular open-source applications like phpBB are frequent targets of mass scanning and exploitation tools.

Visitors to a hacked site are redirected through a series of servers, some clearly compromised themselves, until the last in the chain is reached; that server then pings the PC for any one of several vulnerabilities, including bugs in both Microsoft’s Internet Explorer and RealNetworks RealPlayer media player. If any of the vulnerabilities is present, the PC is exploited and malware is downloaded to it.

Some of the compromised sites have been hijacked before, some had recently been used for keyword search ranking manipulation, and some to serve fake pharmaceuticals spam or malware.

This compromise is similar to the mass compromises that we’ve reported earlier. Visiting a compromised site leads to a series of redirections, which eventually causes malware to be downloaded. In this case, TROJ_ZLOB.CCW is at the tail end. This variant poses as a video codec installer.

The Trojans detected are TROJ_DNSCHANG.CS, TROJ_ALUREON.AE, TROJ_ALUREON.AH and TROJ_ALUREON.AI. These types of Trojans are known for changing an affected system’s local DNS and Internet browser settings, thus making the system vulnerable to even more potential threats. It also seems that more than one piece of malware is being served.

The last massive site attack was less than three weeks ago, when sites that included government URLs in the U.K. and some domains operated by the United Nations were hacked. At the time, some researchers said that bugs in Microsoft’s SQL Server or Internet Information Services server software were to blame. A few days later, however, Microsoft denied responsibility.

According to Trend Micro, site infections will not stop anytime soon. As long as attacks are tied to site development and as long as sites don’t secure their content, there will be more attacks of this kind.

Users are advised to exercise extra caution when browsing Web sites and to ensure their security software is up to date.
