Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on April 18, 2013, 06:28:26 PM

Title: Year old Joomla exploit being abused...
Post by: polonus on April 18, 2013, 06:28:26 PM
See here: http://ninjafirewall.com/malware/index.php?threat=2013-04-02.01
and
http://www.nonumber.nl/forum/NoNumberExtensionManager/11206-update-of-framework-plugin (reply posted by Peter van Westen (admin))
See: http://urlquery.net/report.php?id=2064082 IDS for ET POLICY Maxmind geoip check to /app/geoip.js -> http://doc.emergingthreats.net/bin/view/Main/2015878 -> credits to Gmane reporting trojan activity with this: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17952

polonus
Title: Re: Year old Joomla exploit being abused...
Post by: DavidR on April 18, 2013, 07:38:59 PM
Well, the only reason it is being abused (if this exploit is a year old) surely is the lack of security awareness of web-masters and hosts not keeping their content management software updated.
Title: Re: Year old Joomla exploit being abused...
Post by: polonus on April 18, 2013, 09:05:32 PM
Hi DavidR,

Certainly this is one of the main reasons why websites get compromised - namely outdated and non-patched website software.
But there are also other things that could go hopelessly wrong with, for instance, plug-in abuse on Joomla; see this example discussed here:
http://blog.sucuri.net/2013/04/when-good-plugins-go-bad-seo-spam-on-joomla-sites.html (link article author = Daniel Cid)

polonus
Title: Re: Year old Joomla exploit being abused...
Post by: polonus on April 21, 2013, 07:17:06 PM
Another instance: http://urlquery.net/report.php?id=2088586
avast! Network Shield blocks effectively as URL:Mal
So we are being protected against the offending IP going to htxp://199.201.123.83/ with IP fraud ET POLICY Maxmind geoip check to /app/geoip.js

polonus