The H-Online: Online forums have, for some time, apparently been the target of hackers who inject additional code. However, the attackers aren鈥檛 interested in publishing cool slogans or political messages, they鈥檙e looking for money. They steal Google traffic from the forums and exploit this traffic via ads. Their main targets appear to be forums that are based on the vBulletin software. ...
The H-Security: In a blog posting, the MyBB development team has confirmed that the download package for version 1.6.4 of MyBB had been modified to include malicious code. Unknown attackers were able to exploit a vulnerability in the MyBB web site鈥檚 CMS (content management system) to inject and execute PHP code. The attackers placed a contaminated version of MyBB, containing a backdoor, on the server. It is unclear exactly when the hack took place, meaning that all downloads of 1.6.4 prior to 6 October could be affected. Users with MyBB systems are advised to check their installations and apply a patch. For rapid disinfection, the developers are advising users to replace the /index.php file with a clean version and to delete the /install/ directory. ...