Malicious Spammer Alert

CurseForge

Malicious Spammer Alert

By Kaelten

Dec 1, 2008
Category Icon News
6

Hey guys,

Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.

These comments, due to a small security hole in one of the parsers, was able to embed an iframe on the page. It would then in turn try to target out of date versions of Flash.

We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.

I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.

We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your flash version, if you have a vulnerable version please run a virus scanner and try to make sure all is good.

If anyone discovers more information about what exactly they where trying to do, the effectiveness, and detection/cleanup techniques please post them in the comments.

Comments

_ForgeUser160453
- Join Date: 12/11/2006
- Posts: 20
- Member Details
#6 _ForgeUser160453

View User Profile

Send Message

Posted Dec 4, 2008
Thank you Kaelten.
Some silly billy's on the UI/Macros forums on the wow site took your statement of "...to spam a few thousand comments on the website" to mean "comments on the Curse gaming site especially the comments on the Quest Helper addon page".
Some people have really strange leaps of logic these days. Thank you to Arrowmaster for posting on the thread in question.

Rollback Post to Revision RollBack
Kaelten
- Location: false
- Join Date: 4/22/2005
- Posts: 154
- Member Details
#5 Kaelten

View User Profile

Send Message

Posted Dec 4, 2008
curseforge and wowace

Rollback Post to Revision RollBack
_ForgeUser160453
- Join Date: 12/11/2006
- Posts: 20
- Member Details
#4 _ForgeUser160453

View User Profile

Send Message

Posted Dec 4, 2008
Um was this the curse site , curseforge site or wowace.com site ?

Rollback Post to Revision RollBack
_ForgeUser1268563
- Join Date: 10/13/2008
- Posts: 4
- Member Details
#3 _ForgeUser1268563

View User Profile

Send Message

Posted Dec 4, 2008
Lol, I check my version of flash: 9.0 r124

If that's not luck I don't know what is

EDIT: Ow yeah, I use Firefox, so no problem for me even if I were using an out of date version?

Rollback Post to Revision RollBack
_ForgeUser160453
- Join Date: 12/11/2006
- Posts: 20
- Member Details
#2 _ForgeUser160453

View User Profile

Send Message

Posted Dec 2, 2008
( For some reason I feel violated :(

Hold me Kaelten :(

Rollback Post to Revision RollBack
Forge_User_81582954
- Join Date: 9/30/2008
- Posts: 1
- Member Details
#1 Forge_User_81582954

View User Profile

Send Message

Posted Dec 1, 2008
IE 7 saw the project page.. but tab brower(Maxthon) did not see the page... (do not run javascript, tab browers do, but not login...) (I use flash 10 and IE7)

Rollback Post to Revision RollBack
To post a comment, please login or register a new account.