35,000 vBulletin Sites Hacked Via Hole

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Oct 15, 2013.

    Attackers appear to have compromised tens of thousands of web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn.

    In a blog post in late August, vBulletin maker Jelsoft Internet Brands Inc. warned users that failing to remove the "/install" and "/core/install" directories on sites running 4.x and 5.x versions of the forum software could render them easily hackable.

    But apparently many vBulletin-based sites didn't get that memo: According to web site security firm Imperva, more than 35,000 sites were recently hacked via this vulnerability.

    The security weakness lets attackers quickly discover which forums are vulnerable, and then use automated, open-source exploit tools to add administrator accounts to vulnerable sites.

    Imperva said the compromised sites appear to have been hacked by one of two sets of exploit tools that have been released publicly online. The first was apparently used in a mass website defacement campaign.

    A Google search for forums with the rather conspicuously-named administrator account added in that attack ("Th3H4ck") shows that many of the hacked sites are also hosting malware.

    Among the sites apparently compromised is a support forum for the National Runaway Safeline and a site selling vBulletin add-ons.

    The second tool does effectively the same thing, except with a bit more stealth: The administrator account that gets added to hacked forums is more innocuously named "supportvb". Here's a Google search that offers a rough idea of the forums compromised with this exploit, which was apparently authored or at least publicly released by this guy.



    AVG and Avira Web Sites Taken Over by pro-Palestinian Hackers
    Oct. 8, 2013

    There's probably nothing worse for a major company than getting hacked. Just ask Adobe.
    But when the company in question is a provider of security software, well, the embarrassment factor goes through the roof. And it's definitely not good news for consumers who rely on the company's software products to keep them safe online.

    The website of AVG, makers of one of the world's most popular free anti-virus products, was apparently hacked by a pro-Palestinian group earlier today, and fellow antivirus company Avira has also just suffered the exact same fate.

    According to security expert Graham Cluley, visitors to AVG's site shortly after the attack occurred were "greeted by a patriotic rendition of the Palestinian national anthem (courtesy of an embedded YouTube video) and a message from a group calling itself 'KDMS Team'".

