Another 0-day Exploit?


Recommended Posts

By Gregg Keizer, TechWeb News

Botnet controllers may be planning a large-scale attack against message forums, TechWeb has learned.

The SANS Institute's Internet Storm Center (ISC) noted that a bot going by the name "FuntKlakow" has registered on thousands of phpBB forums. Speculating, ISC analyst Marcus Sachs noted that the bot's owner(s) may be preparing to exploit a zero-day vulnerability against the popular php bulletin board software.

"We might be chasing a ghost here but it's always good to be on the lookout for something like this," wrote Sachs in an alert on the ISC site Sunday.

Sachs linked to the original posting about the attack possibility. That posting added that on most boards the FuntKlakow bot had only registered, but that it was capable of posting messages.

A Google search for "FuntKlakow" suggested that the bot may have created accounts on more than 36,000 forums. Some of the forums show messages such as "Oh, how nice" and "Wow, I didn't think of that."

"Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums," the original post read.

U.K.-based security and Web measurement company Netcraft added in a Monday alert that the phpBB software has been hit with several security problems, including a January hack of Advanced Micro Devices' (AMD) php-driven support forums that planted malicious code on visitors' machines.

Full Article here.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...