SpywareTerminator Forum Appears to be hacked

Discussion in 'other security issues & news' started by Tarq57, Sep 8, 2007.

Thread Status:
Not open for further replies.
  1. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Got a suspicious email, purporting to be from forums@spywareterminator. Text reads:
    Sure enough, attempting to connect to ST forum (after taking suitable browser-related precautions) redirects to netdevilz.
    Since precautions were taken, I have no idea if there are any exploits attempting to run from this page. That I shall leave to the experts. It seems somewhat likely, though.
    (Also posted in "Other anti-malware software".)
     
  2. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Ditto here. Have not noticed anything strange yet (KIS 7 & ProSecurity running here) but will probably initiate a full system scan later just to check.

    HAs anyone advised Crawler that this is happening?
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    At this moment in time no. They are simply re-directing those that visit the forum to the netdevilz site without any delay(content='0)....by using http-equiv as part of the HTML META Tags that is placed in the SpywareTerminator Forums html code. However they could conceivably change the content-type to something other than url.

    update:

    It appears to only be on page one of the forum and a thread has been created on the forum concerning this matter.

    Being cautious for awhile would still be prudent IMHO in visiting that site .

    http://forum.spywareterminator.com/Default.aspx?g=posts&t=3036

     
    Last edited: Sep 8, 2007
  4. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    I too just received the same email from spywareterminator, which is rather strange since I used it for a few days a long time ago and never before received an email from them.
     
  5. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Was it some person calling themselves "alone"? I got a pm on the ST forums from him, which I suppose may have done something if I used IE, in firefox it did nothing... and I got an email from him, the link therein also did nothing in firefox... in IE it downloaded a file called a.js
    I have no idea what that file does, as I saved rather than ran it.
    Vtotal pronounced it clean, Avira is yet to get back to me...
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    If some group was successful in hacking the forums, whats the chances they could also hack the server which serves the downloads for ST?

    Anyone?

    Fair question i think.
     
  7. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I thought a fair question, too. I actually disabled auto updates for ST, just in case, but to tell the truth feel slightly silly about it, now. Different application, totally. The forums are "Yet Another Forum" which, apparently, is somewhat vulnerable to this. I'm pretty certain the application server has nothing to do with it.

    [edit] BTW, all seems normal, now.
     
  8. Tokar

    Tokar Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    81
    It appears that it was a simple exploit hack which exploits a vulnerability in older versions of YetAnotherForum.net board software. Everything is fixed for now.
     
Loading...
Thread Status:
Not open for further replies.