Unexpected downtime this weekend

Posted: Tue Oct 02, 2007 6:02 pm
by dhn
Unfortunately, we experienced unexpected downtime, which led to the maintenance that many of you noticed.

The cause of this downtime is injected code pointing to a malicious website that would cause users to download malware. A secondary incident was also discovered during the course of the investigation that showed that phishing- and spam-related files were uploaded to the server at one point, and were active.

This injected code contained no fewer than 5 different exploits to serve up malware for both Internet Explorer and Firefox/Netscape. While this did not appear to actually infect people, we highly recommend users run anti-virus software as a precaution. The downside to this is that the malware is poorly detected by anti-virus products, so be sure to update your anti-virus definitions prior to running the scan on your computer. The exploits span 3-4 years of vulnerabilities, so if you have not already, we encourage you to run updates on your operating system. If you wish to be sure that you were not affected by this malware, you can easily check manually. A list of files involved with this malware (though not a complete list) is below:
  • C:\popupkiller\popupKiller.exe
  • C:\WINDOWS\system32\winavxx.exe
Symptoms of an infection with this malware will include being unable to launch task manager, modified Internet Explorer security settings, a modified homepage on Internet Explorer, and being unable to launch control panel. These are not the only symptoms, but do give a guide to go by. If you are infected, we recommend finding a computer repair shop. This is most unfortunate, but again, we do not know of any infections as a result of this compromise.

We also encourage users to change their passwords, because of the potential for compromised passwords in incidents like these, or any incident.

We cannot impress on the community enough that this does not appear to be the fault of the phpBB software in any way, shape, or form. With thanks to those involved in the incident investigation process, the entry point appears to be due to a third-party product. We are taking steps to ensure this does not happen again, and we thank the community for being understanding during this unexpected outage.

the phpBB Team