phpnuke.org Website Hijacked to Serve Malware: Websense

The ThreatSeeker Network of Websense Security Labs is warning that the well-known website phpnuke.org is under hackers' control and is serving multiple exploits.

The security researchers explained that PHP-Nuke was at one time open-source software but is now used for commercial purposes. It continues to be widely used, and its main website makes useful resources available to end users. Consequently, it is hardly surprising that blackhat attackers are targeting it.

Detailed reports on the hack indicate that the attackers inserted a malicious iframe into the phpnuke.org website. This iframe hijacks the web browser, which then opens a malicious website where a series of iframe redirections lands users on a heavily obfuscated web page. The attackers in this campaign used the Eleonore attack code to distribute the malware.

Websense noted that the hackers have been attempting to exploit two reported security flaws in Internet Explorer (IE), along with another one affecting Adobe Reader.

Exploiting the IE flaws downloads a Trojan horse that, on execution, makes the PC visit multiple malicious sites and possibly pull down additional malware.

The Adobe Reader flaw, on the other hand, is exploited through a PDF exploit that is a mix of 3 exploits.

According to the researchers, the JavaScript within an HTML page first examines whether it is possible to exploit Adobe Reader. To do so, it checks whether the version number of the application is between 7 and 7.1.4, 8 and 8.1.7, or 9 and 9.4. Once the script finds a vulnerable version, it pulls down the malicious PDF, and as Adobe Reader opens it, the malicious ActionScript inside the PDF automatically starts running. The ActionScript, which is obfuscated, uses any of the 3 exploits within the PDF file, the researchers reported. Help Net Security reported this on May 10, 2010.

Successful execution of the exploits leads to the download and installation of the aforementioned Trojan.
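For defenders, the version check described above can be turned around to triage a software inventory for Adobe Reader installs that fall in the targeted ranges. This is an added example, not code from Websense or the original article; the function names, host names and sample versions are hypothetical, and the range bounds are assumed to be inclusive.

```python
import re

# Reader version ranges the article says the landing page's JavaScript checks.
# Bounds are treated as inclusive: an assumption, the article only says "within".
TARGETED_RANGES = [
    ((7, 0, 0, 0), (7, 1, 4, 0)),
    ((8, 0, 0, 0), (8, 1, 7, 0)),
    ((9, 0, 0, 0), (9, 4, 0, 0)),
]
_VERSION_RE = re.compile(r"\d+(\.\d+){0,3}")


def parse_version(text):
    """'8.1.2' -> (8, 1, 2, 0); None when the string is not a dotted version."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def in_targeted_range(text):
    """True/False for a parseable version, None when it cannot be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    return any(low <= version <= high for low, high in TARGETED_RANGES)


def triage(inventory):
    """Split (host, version) pairs into targeted / not_targeted / unknown."""
    result = {"targeted": [], "not_targeted": [], "unknown": []}
    for host, version in inventory:
        verdict = in_targeted_range(version)
        key = "unknown" if verdict is None else ("targeted" if verdict else "not_targeted")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "8.1.2"),
    ("ws-02", "9.4"),
    ("ws-03", "9.4.1"),
    ("ws-04", "7.1.4"),
    ("ws-05", "not installed"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A host in the `not_targeted` bucket is only outside the ranges this particular check looks for; its patch status still has to be verified separately.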

Websense also highlighted that as per VirusTotal, 12% of anti-virus solutions detected the downloaded executable.

Meanwhile, the security company has cautioned that users must not access the phpnuke.org website till it is fixed and stops serving malware.

» SPAMfighter News - 5/20/2010
