Got a suspicious email, purporting to be from forums@spywareterminator. Text reads:
-{ Quote: "Hacking & Security Forums / Turkey

-- Yet AnotherForum.net Bugs in the page soon --

hxxp://netdevilz.org

We wait for


---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 000773-2, 07/09/2007
Tested on: 9/8/2007 9:50:14 p.m.
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com
" }-
Sure enough, attempting to connect to ST forum (after taking suitable browser-related precautions) redirects to netdevilz.
Since precautions were taken, I have no idea if there are any exploits attempting to run from this page. That I shall leave to the experts. It seems somewhat likely, though.
(Also posted in "Other anti-malware software".)

Ditto here. Have not noticed anything strange yet (KIS 7 & ProSecurity running here) but will probably initiate a full system scan later just to check.

HAs anyone advised Crawler that this is happening?

-{ Quote: "I have no idea if there are any exploits attempting to run from this page" }-At this moment in time no. They are simply re-directing those that visit the forum to the netdevilz site without any delay(content='0)....by using http-equiv as part of the HTML META Tags (http://vancouver-webpages.com/META/metatags.detail.html) that is placed in the SpywareTerminator Forums html code. However they could conceivably change the content-type to something other than url.

-{ Quote: "span class="subforumheading"><meta http-equiv='refresh' content='0; url=http://www.netdevilz.org/yet.html'></span" }-update:

It appears to only be on page one of the forum and a thread has been created on the forum concerning this matter.

Being cautious for awhile would still be prudent IMHO in visiting that site .

http://forum.spywareterminator.com/Default.aspx?g=posts&t=3036

-{ Quote: "Posted: Saturday, September 08, 2007 5:59:15 AM

When I entered ST forum. I get this redirect!!!

http://www.netdevilz.org/yet.html

What the hell is going on!!!!" }-

I too just received the same email from spywareterminator, which is rather strange since I used it for a few days a long time ago and never before received an email from them.

Was it some person calling themselves "alone"? I got a pm on the ST forums from him, which I suppose may have done something if I used IE, in firefox it did nothing... and I got an email from him, the link therein also did nothing in firefox... in IE it downloaded a file called a.js
I have no idea what that file does, as I saved rather than ran it.
Vtotal pronounced it clean, Avira is yet to get back to me...

If some group was successful in hacking the forums, whats the chances they could also hack the server which serves the downloads for ST?

Anyone?

Fair question i think.

I thought a fair question, too. I actually disabled auto updates for ST, just in case, but to tell the truth feel slightly silly about it, now. Different application, totally. The forums are "Yet Another Forum" which, apparently, is somewhat vulnerable to this. I'm pretty certain the application server has nothing to do with it.

[edit] BTW, all seems normal, now.

It appears that it was a simple exploit hack which exploits a vulnerability in older versions of YetAnotherForum.net board software. Everything is fixed for now.