Comments on: Follow Up To Yesterday's Mass Hack Attack

By: Expert SEO guides

Expert SEO guides — Sun, 03 Jan 2010 05:19:24 +0000

I had never thought the obviously simple ways Google works. The truth of the issue is that even though it crawls your page multiple times, it takes a tonne of work on your part to get a site to become “relevent” to the spiders. I guess this lends to my understanding of search engines.

By: celik kapi

celik kapi — Sun, 30 Aug 2009 11:12:27 +0000

Even if it is an ad, they are apparently very good at what they do. I mean, infecting this many machines this quickly just so their product is needed… they are hella smart.

By: leoo

leoo — Sat, 08 Nov 2008 03:44:08 +0000

PJ – I can tell the target of the attacks by looking at the pages that were hit.

By: Jen Hemmings

Jen Hemmings — Mon, 24 Mar 2008 15:58:54 +0000

Very interesting to have come across this article and video. It was possibly last Thursday/Friday that I was using the internet for general use. I like to read the news. During the evening, my browser would open, but would not close. This issue was quickly resolved but I still wonder what might have caused it.

By: Craig Schmugar

Craig Schmugar — Wed, 19 Mar 2008 16:51:52 +0000

I’ve responded to Henry S offline.

For those looking for more about how they can tell if they have been impacted. Compromised sites have script injected on pages.

script src="http://... .js

By: Henry S

Henry S — Tue, 18 Mar 2008 23:34:35 +0000

Hi
considering that we are getting very distressed questions from our userbase, could you please provide me with an address to get in touch with you?
We reviewed your findings and found phpBB installations where XSS vectors were obviously introduced via an SQL injection (for instance the site in the video). We also found other software, particularly a severely outdated version of a popular blogging script, to be present in all surveyed instances.

By: Aa'ed Alqarta

Aa'ed Alqarta — Tue, 18 Mar 2008 21:40:35 +0000

System admins should be ready to prevent their clients from getting exploited and redirected to those malicious domains.

check here: http://extremesecurity.blogspot.com/2008/03/iframe-attacks-actions-to-be-taken.html

By: sneakyimp

sneakyimp — Tue, 18 Mar 2008 19:59:05 +0000

Although PHPBB is mentioned numerous times, this article does not once mention how one might detect the so-called ‘phpbb exploit’ on one’s server.

Any data would be much appreciated.

By: Craig Schmugar

Craig Schmugar — Tue, 18 Mar 2008 17:00:26 +0000

Many (lay) people still consider malicious code to be a virus. Technically all viruses must self-replicate recursively. This does not mean self-execute.

The term worm is often defined as a virus that spreads by creating copies of itself (in the antivirus sense at least), as opposed to those that require a host file to parasitically infect. Network focused people still reserve the term Worm for viruses that self-execute (such as Sasser).

Non-replicating malicious code is considered to be Trojan.

So the threat in question is a Trojan, not a virus. Now if the Trojan was responsible for the phpBB pages getting compromised to then create the reference to the payload executable, which then spread to more phpBB pages, etc…then it would be considered a virus.

By: Will

Will — Tue, 18 Mar 2008 16:59:11 +0000

I’m going to echo what Tim (March 17th, 2008) wrote about this being a vague report. I’d very much like to know which version of phpBB was affected.

And BTW, the site in the demonstration still seems to be infected.