Older Hacking Methods Still Used To Capture Forums
By Dan Morrill
If you are running a Simple Machines Forum, there is a new hack making the rounds, and it is enough to turn your forum into something you no longer control. The hack first showed up May 01 2009, and has been gaining steam over the last couple of days. If you run the software, make sure you follow the cleaning instructions.
The hack injects PHP code into the settings file and then tries to inject the malware into as many other files as possible. The key names the hacker uses are Krisbarteo and MagicOPromotion, so if your SMF system has either of those accounts, you need to head over to the Simple Machines forum and read this thread. Patches are on the way, but in the meantime there is little you can do to keep from becoming infected short of changing file permissions and trying to clean up the mess before you get banned in Google as a malware site, which is a completely separate issue.
April Russo over on FriendFeed gets a hat tip for posting the alert for everyone to see. She also posted a quick Google hack to find out how many sites Google sees as having the Krisbarteo user, with over 300 of them in the Google index. While that is not a lot, the potential for mayhem is here. It is also good to see that SMF is actively working with the community of users and being completely transparent on how this hack works. Kudos to SMF for working hard to fix the issues, and address the community.
What is interesting is that the hacker is using an older 2008 method for taking over the system: a masked file with PHP code that has the extension JPG or GIF. This is one of the reasons why you want to make sure that systems do not execute code that is coming in from another direction. This is a classic hacker trick, and has been used successfully for years. In the meantime, follow the thread and follow the cleaning instructions on the SMF forum.
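To make the masked-file trick concrete from the cleanup side, here is an added example (not from the original article and not SMF's own cleaning instructions) that walks a directory tree and flags files with a JPG or GIF extension whose header is not an image header or whose body contains a PHP open tag. The function names and the sample files are hypothetical and constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Leading bytes each image extension should start with.
JPEG = (b"\xff\xd8\xff",)
MAGIC = {".jpg": JPEG, ".jpeg": JPEG, ".gif": (b"GIF87a", b"GIF89a")}
# Full open tag only: the two-byte short tag "<?" turns up by chance in image data.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def check_image(path):
    """Return the reasons a .jpg/.jpeg/.gif file looks like masked PHP ([] = clean)."""
    ext = Path(path).suffix.lower()
    if ext not in MAGIC:
        return []
    data = Path(path).read_bytes()
    reasons = []
    if not data.startswith(MAGIC[ext]):
        reasons.append("header does not match extension")
    if PHP_TAG.search(data):
        reasons.append("contains PHP open tag")
    return reasons


def scan_tree(root):
    """Walk root and map each suspicious image's relative path to its reasons."""
    findings = {}
    for path in Path(root).rglob("*"):
        reasons = check_image(path) if path.is_file() else []
        if reasons:
            findings[str(path.relative_to(root))] = reasons
    return findings


def demo():
    samples = {  # constructed sample files, not taken from the real incident
        "avatar_ok.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "avatar_masked.jpg": b"<?php /* placeholder body */ ?>",
        "avatar_polyglot.gif": b"GIF89a\x01\x00\x01\x00<?php /* placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return scan_tree(root)


if __name__ == "__main__":
    print("\n".join(f"{n}: {'; '.join(r)}" for n, r in sorted(demo().items())))
```

The polyglot sample shows why the header check alone is not enough: a file can begin with a valid GIF signature and still carry PHP further in. To check a real installation, call `scan_tree()` on the forum's directory.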
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
NetworkNewz is an iEntry, Inc. publication
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509