Laurie
December 28th, 2004, 07:38 PM
I admin a gaming PC Website whose forums were infected by a "padonak.info" object. "Suckit rootkit" was used to infect the web pages hosted on the server containing an additional line of code pulling in either javascript or iframe.
Culprits are listed below in the Vital Security.org (http://vitalsecurity.org/sp2phase3.htm) article.
From Vital Security.org:
-{ Quote: "The Xpire / Splitinfinity hackers have now apparently returned and are exploiting a well known vulnerability in earlier versions of PHPBB - only instead of defacing the front pages (as many of the recent attacks exploiting this have done), they're inserting lines of javascript code into the boards which then redirect to the new infection sites, using the same IFRAMES vulnerability. Make sure you have oranger.biz in your HOSTS file with immediate effect!
It's not redirecting all the time, but when it is, you'd better tread carefully..." }-
Heads Up Everyone!