AVAST forum hacked!

lusher

Member
Aug 17, 2007
86
0
0
According to http://www.wilderssecurity.com/showthread.php?t=183634

The AVAST forum was hacked and an iframe was inserted to some malicious site that was using a security exploit to install malware!

They pulled the forum offline now, but I was nearly hit. When I visited the forum yesterday, I got a message from my antivirus. I thought it was a FP, but just quarantined it anyway, thought nothing of it, and then continued on my way. But I guess I was wrong!

I guess you must never let your guard down, even in 'trusted' sites. If you can't trust antivirus sites, who can you trust?

Oh yeah they pulled the forum down now. But it was on there for at least 24 hours...
 

jadinolf

Lifer
Oct 12, 1999
20,952
3
81
Yep.

It's back in business.

It's a forum I seldom visit because I never have problems with avast!
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
33,944
1
0
Maybe they'll stop using the unsecure phpBB and switch to vBulletin.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
non-Admin user accounts FTW! (again)


(sorry, could not stop myself)


That's pretty interesting, thanks for the heads-up lusher. Looking at the thread, I see the mediacount.net domain is involved, which probably means a combination StormWorm aka Zhelatin spambot infection, plus BraveSentry, plus a pr0n dialer (pic 1, pic 2).
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Their thread here on the subject; apparently Opera and Firefox owners were safe.


Basically something hacked the forum Simple Machines PHP software, injecting an iframe tag into each page as it was loaded; that page tried to infect users with the storm worm. Those with Firefox or Opera weren't vulnerable but those with IE or a clone were vulnerable to attack, however the web shield blocked that attack.

See this topic where I documented the problem, http://forum.avast.com/index.php?topic=30118.0.
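For forum operators, a check for the kind of injected iframe described above, as an added example that is not part of the original thread or of any forum software: it parses a served page and reports every iframe whose source host is not on an allow-list. The hosts `forum.example` and `injected.example`, the function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IframeAuditor(HTMLParser):
    """Record every <iframe> whose resolved src host is outside the allow-list."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line number, host, raw src)

    def _host_allowed(self, host):
        # Exact match, or a true subdomain of an allowed host.
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag != "iframe":
            return
        src = (dict(attrs).get("src") or "").strip()
        # Resolve relative and protocol-relative URLs against the page URL.
        resolved = urljoin(self.page_url, src)
        host = (urlsplit(resolved).hostname or "").lower()
        if not self._host_allowed(host):
            line, _ = self.getpos()
            self.findings.append((line, host or "<no host>", src))


def audit(page_url, html, allowed_hosts):
    """Return the list of off-site iframes found in one page."""
    auditor = IframeAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: two legitimate frames, one injected, one lookalike host.
SAMPLE_PAGE = """<html><body>
<div id="header">Forum index</div>
<iframe src="/ads/banner.html"></iframe>
<iframe src="//static.forum.example/widget.html"></iframe>
<IFRAME SRC="http://injected.example/x" width=0 height=0></IFRAME>
<iframe src="http://forum.example.injected.example/"></iframe>
</body></html>"""

if __name__ == "__main__":
    url = "http://forum.example/index.php?topic=1"
    for line, host, src in audit(url, SAMPLE_PAGE, ["forum.example"]):
        print(f"line {line}: off-site iframe -> {host} ({src})")
```

Run against pages fetched from the live site on a schedule, a non-empty result is a signal that templates or the database have been modified.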


 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Since the mediacount.net gang use batteries of exploits that adapt to what you're using, I wouldn't be too sure that FF/Opera users are arbitrarily immune. Based on what I've observed from these guys in the past (<-- NSFW), my suggestions for Windows users would be to

1) eliminate all unnecessary software from your computers completely, including Sun Java, all versions. If you don't actually use something, get rid of it.

2) check your remaining software for known vulnerabilities at least monthly, using Secunia's Personal Software Inspector, Microsoft Update and Office Update.

3) use a non-Admin user account.

4) enable full Data Execution Prevention.

5) don't let anyone else onto your system's Administrator-class user accounts.

6) if you have Vista, leave User Account Control enabled.

7) Whether you routinely use Internet Explorer or not, upgrade to IE7 for better system security.


Now use any browser you prefer
 

surikas

Junior Member
Aug 7, 2007
15
0
0
Lol. Never thought such a site/forum could be hacked!
And mechBgon thanks for the tips!
 