[joe5]

AMD Hack Points to Widespread Web Forum Flaws, Attacks


Malicious hackers are increasingly targeting security vulnerabilities in open-source software that runs bulletin boards and online forums, according to Internet monitoring firm Netcraft.

The unpatched holes, in open-source software like phpBB, PostNuke, and Mambo are being used to take control of powerful servers for denial of service attacks and phishing scams.


Poor deployment of security patches by administrators and the growing popularity of programs like phpBB are to blame, Netcraft said.

On Jan. 30, a bulletin board run by chip maker AMD was compromised by hackers and was used to distribute malicious code.

Those who visited the site, forums.amd.com, were prompted to download a file that exploited a recently patched vulnerability in Windows code used to process WMF (Windows Meta File) format image files, according to anti-virus firm F-Secure Inc. in Helsinki.
An AMD spokesperson said the problem was identified and resolved on Jan. 30.


The company does not know of any bulletin board users who were infected after visiting the site, she said.
The exploit on AMD's bulletin board used an HTML iFRAME command to direct victims to a malicious Website, tooldollars.biz, that installed malicious downloader programs, said Ken Dunham, director of malicious code research at iDefense in Reston, Va.


iDefense has documented a surge in reports of vulnerabilities in bulletin boards and similar applications in the last two years, Dunham said.

One problem is the large number of holes in PHP, a computer scripting language that is commonly used in Web development.

Open-source products like phpBB use the PHP language to create online forums that integrate with backend databases like MySQL and Oracle.

Holes in PHP applications have become more enticing targets as those applications have gained in popularity online, Dunham said.

The increasing involvement of organized crime in hacking has also increased interest in online bulletin boards because they are an excellent tool for distributing malicious code, as the AMD hack illustrates, Dunham said.

"It's about exposure and opportunity. If you hack a bulletin board or a blog, lots of visitors come to that site," he said.
Netcraft said that compromised Web forums were used to host more than 600 phishing Web sites in 2005.


More here:
http://www.eweek.com/article2/0,1895,1918295,00.asp