Hey guys,
Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.
These comments, due to a small security hole in one of the parsers, were able to embed an iframe on the page. It would then in turn try to target out-of-date versions of Flash.
We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.
I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.
We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your Flash version; if you have a vulnerable version, please run a virus scanner and try to make sure all is good.
If anyone discovers more information about what exactly they were trying to do, the effectiveness, and detection/cleanup techniques, please post them in the comments.
Thank you Kaelten.
Some silly billies on the UI/Macros forums on the WoW site took your statement of "...to spam a few thousand comments on the website" to mean "comments on the Curse gaming site especially the comments on the Quest Helper addon page".
Some people have really strange leaps of logic these days. Thank you to Arrowmaster for posting on the thread in question.
curseforge and wowace
Um, was this the curse site, curseforge site or wowace.com site?
Lol, I check my version of Flash: 9.0 r124
If that's not luck I don't know what is
EDIT: Ow yeah, I use Firefox, so no problem for me even if I were using an out of date version?
Hold me Kaelten :(
IE 7 saw the project page... but tab browser (Maxthon) did not see the page... (do not run javascript, tab browsers do, but not login...) (I use Flash 10 and IE7)