PDA

مشاهدة جميع الاصدارات : Security Issue



علي ناجي
22-01-2010, 19:56
EDIT: The issue with mazameer's forum has been resolved, as of the 29th of Jan, 2010.

I don't know if it is appropriate to post such information here in this forum, however, I find myself compelled to inform you of a security threat that is currently affecting an on-line forum. The theme of this forum is more or less related to the main theme of zamanalwasl, and thus, some of you may already frequent it. The form is: mazameer.

A malicious script has been injected into the forum to force a pdf file to be downloaded to your computer upon accessing the forum. This pdf file utilizes a flaw in IE6 (recent attacks on google) that can allow a hacker to run code remotely on your machine (open back doors, install Trojans etc...)

What you should do:
- Microsoft released a security update to this flaw yesternight. If you use Ie6, then you should download the security update asap.
OR
- Stop using IE all together and start use another browser (firefox, opera, chrome etc...)
OR
- Disable active scripting in IE6 (however, doing so will also disable other features in the forum)

Mazameer was comprimised since Wednesday, 22nd, Jan, 2010. If you visited mazameer since then, and were using IE6 and didn't have an antivirus running, then you are probably infected. You should install an anti-virus/anti-spyware/anti-trojan, and scan your pc immediately. Or even better: Format and reinstall the OS.

I also advise you to be weary of any other vb Arabic forums on-line. There is obviously a security flaw with the vb software that allowed an uploader to inject a malicious script into vb. This flaw was identified recently too (in Dec, 2009). I believe vb released an update, so, I recommend zamanaalwasl to get the update. (an attack on zamanalwasl is unlikely, thanks to the registration process :) )

Again, I apologize if this is not the appropriate place to post this information, however, I thought that you folks should know.

Ali,

أبو علاء
22-01-2010, 22:32
Thank you very much Ali for the information. If I've understood this correctly, this security failure affects more the forum users (particularly those who use internet explorere 6) than the forum itself, right? Anyway, as far as we are concerned, I've noticed the security patch from vbulletin and installed it a few days ago. Thanks again.

علي ناجي
23-01-2010, 00:03
Yes, you are correct: forum users using IE6 are the main target of this attack.

You are welcome.