phpnuke.org Website Hijacked to Serve Malware: Websense
The ThreatSeeker Network of Websense Security Labs is warning that the well-known website phpnuke.org is under hackers' control and is serving multiple exploits.
The security researchers explained that PHP-Nuke once functioned as open-source software but is now used for commercial purposes. It nevertheless remains widely used, and its main website makes useful resources available to end users. Consequently, it is hardly surprising that blackhat attackers are targeting it.
Meanwhile, detailed reports on the hack suggest that the attackers inserted a malicious iframe into the phpnuke.org website. This iframe takes control of the web browser, which then opens a malicious website where a series of iframe redirections lands users on a heavily obfuscated web page. The attackers have also used the Eleonore attack code to disseminate the malware.
Websense noted that the hackers have been attempting to use two reported security flaws in Internet Explorer (IE) along with another one affecting Adobe Reader.
Exploiting the IE flaws downloads a Trojan horse that, on execution, makes the PC visit multiple malicious sites and possibly pull down additional malware.
The Adobe Reader flaw, on the other hand, relates to a PDF exploit that is a mix of 3 exploits.
Successful execution of the exploits leads to the download and installation of the aforementioned Trojan.
Websense also highlighted that, according to VirusTotal, 12% of anti-virus solutions detected the downloaded executable.
Meanwhile, the security company has cautioned that users must not access the phpnuke.org website until it is fixed and stops serving malware.
» SPAMfighter News - 20-05-2010