
phpnuke.org Website Hijacked to Serve Malware: Websense

The ThreatSeeker Network of Websense Security Labs is warning that the well-known website phpnuke.org is under hackers' control and is serving multiple exploits.

The security researchers explained that PHP-Nuke once functioned as open-source software but is currently used for commercial purposes. It nevertheless continues to be widely used, and its main website makes useful resources available to end-users. Consequently, it is hardly surprising that blackhat attackers are targeting it.

Meanwhile, detailed reports on the hack suggest that the attackers inserted a malicious iframe into the phpnuke.org website. This iframe takes control of the web browser, which then opens a malicious website where a series of iframe redirections lands users on a heavily obfuscated web page. Moreover, the attackers in this scam have used the Eleonore attack code to disseminate the malware.

Websense noted that the hackers have been attempting to use two reported security flaws in Internet Explorer (IE) along with another one affecting Adobe Reader.

Exploiting the IE flaws downloads a Trojan horse that, on execution, makes the PC visit multiple malicious sites and possibly pull down additional malware.

On the other hand, the Adobe Reader flaw is related to a PDF exploit, which is a mix of 3 exploits.

According to the researchers, the JavaScript within an HTML page first examines whether it is possible to exploit Adobe Reader. To do so, it checks whether the version number of the application is between 7 and 7.1.4, 8 and 8.1.7, or 9 and 9.4. Once the exploit finds a flawed version, it pulls down the malicious PDF, and as Adobe Reader installs it, the malicious ActionScript inside the PDF starts running automatically. The ActionScript, which is obfuscated, uses any of the 3 exploits within the PDF file, the researchers reported. Help Net Security reported this on May 10, 2010.
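The version check described above can be turned around for defenders. The following Python audit is an added example, not code from Websense or from the original article; it flags inventory entries whose Adobe Reader version falls in the ranges the article lists. Treating the range bounds as inclusive is an assumption, and the host names and version strings are constructed sample data.

```python
import re

# Ranges from the article: 7 to 7.1.4, 8 to 8.1.7, 9 to 9.4.
# Assumption: both bounds are inclusive.
TARGETED_RANGES = [((7,), (7, 1, 4)), ((8,), (8, 1, 7)), ((9,), (9, 4))]

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def _pad(version, length):
    # Pad with zeros so that 8.1.7 and 8.1.7.0 compare as equal.
    return version + (0,) * (length - len(version))

def in_targeted_range(version):
    """True if the version tuple lies inside any range from the article."""
    for low, high in TARGETED_RANGES:
        n = max(len(version), len(low), len(high))
        if _pad(low, n) <= _pad(version, n) <= _pad(high, n):
            return True
    return False

def audit(inventory):
    """Map each host to 'targeted', 'outside' or 'unparsed'."""
    result = {}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            result[host] = "unparsed"  # needs manual review, not a pass
        else:
            result[host] = "targeted" if in_targeted_range(version) else "outside"
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "8.1.2"),
    ("ws-02", "9.3.2"),
    ("ws-03", "9.4.1"),
    ("ws-04", "7.1.10"),   # a plain string comparison would sort this below 7.1.4
    ("ws-05", "unknown"),
    ("ws-06", "8.1.7.0"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(host, status)
```

Comparing versions as integer tuples rather than strings matters here: as text, "7.1.10" sorts before "7.1.4" and would be flagged incorrectly.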

Successful execution of the exploits leads to the download and installation of the previously mentioned Trojan.

Websense also highlighted that, according to VirusTotal, 12% of anti-virus solutions detected the downloaded executable.

Meanwhile, the security company has cautioned that users must not access the phpnuke.org website until it is fixed and stops serving malware.

» SPAMfighter News - 20-05-2010
