Avast WEBforum
Other => General Topics => Topic started by: FreewheelinFrank on March 22, 2008, 05:43:28 PM
-
Attempts to access the forum were being diverted to a web page that never seemed to load on a hacked Turkish music site.
hxxp://www[dot]canlimuzik[dot]org/msn[dot]html
Was the forum itself hacked?
This was just before the English forum disappeared to be replaced by the Czech one.
Was the page above an exploit?
Nothing seemed to load on Ubuntu.
-
Where's the rest of your post? ;)
-
Sorry. Hit the wrong key somewhere. :-[
-
I'd just like to hear your comment on the appearance of the forum.
-
This was the message on canlimusic.org:
sitemiz bir hacker tarafından saldırıya ugramıstır.onlemler alınana kadar kapalı kalacaktır.
Our site has been attacked by a hacker. It will remain closed until measures have been taken.
-
http://forum.avast.com/index.php?topic=34038.0
-
I'd just like to hear your comment on the appearance of the forum.
My experience was that the forum address was being diverted to the site above for several minutes, before the Czech forum came up in its place. My guess is the English forum got hacked and hastily taken offline.
No page seemed to load from the divert address. It was impossible to scan with Link Scanner, and I couldn't view the source.
I wonder what was going on? ???
-
I did a nice scan of my PC with superantispyware shortly after I realised something "odd" was happening and even decided to temp enable NoScript xD
--lee
-
http://forum.avast.com/index.php?topic=34038.0
Yes, I noticed that thread, but nobody had mentioned the forum being diverted to a suspicious page.
A possible forum hack seemed to be worse than a bit of Czech appearing on the forum, and worth its own thread (and a dramatic headline!).
-
The divert site was malicious:
-
Okay, I changed the name of my original post. I wasn't redirected to any other place than the Czech forum, so I must have been after you. If I would have, I would have mentioned it.
I wonder if the name has to be used to prevent the redirect?
-
Looks like forum visitors were exposed to an exploit, unfortunately one that avast! doesn't catch.
It's a VBS exploit, which means that anyone with an out of date version of MS IE who happened to visit at that time has probably got pwned.
No idea what's causing the residual bit of Czech. Alwil staff will have to confirm what went on.
-
Attempts to access the forum were being diverted to a web page that never seemed to load on a hacked Turkish music site.
hxxp://www[dot]canlimuzik[dot]org/msn[dot]html
Yes... Google stopped the hijacking...
I've tested Firefox and IE, Vista and Kubuntu...
-
K9 would block it as being Spyware/Malware Source and Pornography...
Again, layered defense protects us when avast seems to fail...
-
anyone with an out of date version of MS IE who happened to visit at that time has probably got pwned.
Imba firefox!
Anyway, glad to see most people didn't get hit by the exploit's end intention, but anyone who did visit here and wasn't patched will prob be back with HijackThis/ComboFix logs soon ::)
Again, layered defense protects us when avast seems to fail...
Avast not officially a spyware scanner till 4.8 right? xD
--lee
-
To the ones that defend LinkScanner and say that Grisoft was far behind avast using LinkScanner technology... :P
-
Again, layered defense protects us when avast seems to fail...
:-\
Dr. Web got it while LinkScanner didn't find anything ::)
-
Confirmed hack.
Somebody's boasting about it already:
-
what site is that frank?
--lee
-
Confirmed hack.
Shame!
Forum's security compromised (again) >:( >:(
-
what site is that frank?
-
Thank you Frank :-*
Forum's security compromised (again)
Unfortunately, what's made by humans can be broken by humans xD
--lee
-
Hmm... maybe it's time to change SMF (the forum software) to something else (?)
-
Shame!
Avira added 'HTML/Rce.Gen' at 7.06.00.53 ( 24/01/2008 ) :-[
Should I discontinue online banking?
-
Shame!
Avira added 'HTML/Rce.Gen' at 7.06.00.53 ( 24/01/2008 ) :-[
Should I discontinue online banking?
I don't understand the question...
-
Hmm... maybe it's time to change SMF (the forum software) to something else (?)
Maybe you can convince Pavel or Kubecj...
-
Anyway, glad to see most people didn't get hit by the exploit's end intention, but anyone who did visit here and wasn't patched will prob be back with HijackThis/ComboFix logs soon ::)
What patch? How can I find out if I was hit or not? ;)
Edit: I saw the Czech forum.
-
It used a 1.5 year old vulnerability in Windows.
Unless your browser is way outdated, you should be safe.
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
-
Shame!
Avira added 'HTML/Rce.Gen' at 7.06.00.53 ( 24/01/2008 ) :-[
Should I discontinue online banking?
No, maybe you should use Avira. I think for an AV forum, to be hacked, twice, in the space of several months, is a joke. It's amateurish, thankfully, I surf with Sandboxie, so any shit, I get from this forum, is washed away.
-
Dear Avast Forum Gurus,
Is anyone infected with anything - or did anyone pick up anything dangerous from the forum hack?
I also noticed after entering 'forum.avast.com' that I was directed to the Czech version of the Avast forum.
I didn't see the other 'diversion' website mentioned in this thread.
I use Windows XP Pro fully patched, Firefox 2.0.0.12, Avast Pro 4.7.1098, ZoneAlarm Pro 7.0.470.000, super anti spyware, spybot, ad-aware, AVG anti-rootkit, AVG anti-spyware, A-squared, Super Anti-Spyware, F-Secure Blacklight and Spybot's RootAlyzer.
Should I scan my computer additionally to the weekly scans I do? Given that I also was presented with the Czech version?
Thanks for your help!!!!!!!!
And Happy Easter!!!!!!
Avastfan1
-
KB911562 was a part of update pack 2.14, so I should be patched 8)
-
Should I scan my computer additionally to the weekly scans I do? Given that I also was presented with the Czech version?
Don't worry... keep your weekly scans as usual...
-
Hi Avastfan1,
I missed all of the hack recently, being securely transferred to the Czech forum during the afternoon. Running NoScript inside Firefox should have protected you. I was there during the previous IFrame hack last year, but it brought me no harm and real data weren't being compromised. But it shows that certain software becomes more and more vulnerable to re-directed compromise: http://www.gnucitizen.org/blog/the-10000-sites-js-malware-source-code-leaked/
I trust our mods to do what they have to do!
pol
-
No, maybe you should use Avira. I think for an AV forum, to be hacked, twice, in the space of several months, is a joke.
:o
I'm surprised that AVG got it :-X
-
You're hacked by Turkish hackers. They are members of www.cyber-warrior.org
But they are only members. So you are not hacked by Cyber-Warrior.Org, but hacked by some members ( Volqan- Ekin0x )
This is the link:
http://www.cyber-warrior.org/forum/display_topic_threads.asp?ForumID=31&TopicID=250317&PagePosition=1&ThreadPage=1
(Note: Cyber-Warrior.Org is the best hacker group in the world, from Turkiye, so be careful ;) )
-
Mirror link
http://www.zone-h.org/component/option,com_mirrorwrp/Itemid,160/id,7223775/
-
Beat you to it:
http://forum.avast.com/index.php?topic=34039.msg284684#msg284684
-
OK, I saw; they said that have loved Kasper :D
-
Hi cw.org,
Just helped a user from Turkey here with a malware problem. He was rather grateful when his machine was clean again. We do not deserve to be hacked. But maybe it had nothing to do with the mission of the site offering forum help, but all with a weakness in the forum software. They can be qualified hackers, but not very ethical at that,
polonus (malware fighter)
-
It may not have been "ethical", but it sure showed us the forum can be exploited if people want to exploit it, fix the problem! ;D
--lee
-
It may not have been "ethical", but it sure showed us the forum can be exploited if people want to exploit it, fix the problem! ;D
--lee
Fully agree Lee.
This is the second attack neither of which did any damage but who needs the annoyance. >:(
-
This thread is funnier than the Sunday comics.
;D
-
Hmm... maybe it's time to change SMF (the forum software) to something else (?)
There really isn't much of a safer alternative. Secunia.com lists plenty of vulnerabilities in all the major forum softwares (though most are patched) with SMF having the least. SMF has no publicized unpatched vulnerabilities.