Forum

The H-Online: Online forums have, for some time, apparently been the target of hackers who inject additional code. However, the attackers aren’t interested in publishing cool slogans or political messages, they’re looking for money. They steal Google traffic from the forums and exploit this traffic via ads. Their main targets appear to be forums that are based on the vBulletin software. Unlike the “Look how cool I am” crackers, these attackers have very discreet working methods. They hide their code deeply within the system and ensure that their redirections don’t attract much attention. Only users who visit forum pages for the first time via a search engine such as Google are redirected to a url123.info URL. This site initially displays a strange blocking alert (“Access denied”) followed by some arbitrary text and then loads a full-page ad by InfinityAds. The ads are probably a direct source of income for the intruders even though each ad is only worth a few pennies. However, as some forum operators have reported that their traffic has dropped by more than 70 per cent, and the phenomenon seems to be a rather wide-spread one, the overall yield is likely to be considerable. ...

The H-Security: In a blog posting, the MyBB development team has confirmed that the download package for version 1.6.4 of MyBB had been modified to include malicious code. Unknown attackers were able to exploit a vulnerability in the MyBB web site’s CMS (content management system) to inject and execute PHP code. The attackers placed a contaminated version of MyBB, containing a backdoor, on the server. It is unclear exactly when the hack took place, meaning that all downloads of 1.6.4 prior to 6 October could be affected. Users with MyBB systems are advised to check their installations and apply a patch. For rapid disinfection, the developers are advising users to replace the /index.php file with a clean version and to delete the /install/ directory. ...