US Aviation forum compromised - VIRUS

Old May 26, 2006, 8:03 am
  #1  
Original Poster
 
Join Date: Jul 2005
Location: LHR - PHL - LHR - PHL - MAN - PHL - LHR....
Programs: US CP
Posts: 1,180
Exclamation US Aviation forum compromised - VIRUS

Did anyone else get an email from US Aviation regarding "www.christianteenforums.com?"

It refers to "http://(XXX)traffmoney1.biz/dl/loadadv608.exe" and my virus blocker caught an "invasion attempt" from trafficmoney1 when I just opened US Aviation today???

US Aviation has since sent the following email:

Do not open any links on an email you received from US Aviation earlier today. It contains a link to a virus. Our site was compromised and someone sent a fraudulent email to our members. We apologize for the inconvenience, and are working to correct the problem.
Sally4th is offline  
Old May 26, 2006, 8:06 am
  #2  
FlyerTalk Evangelist
 
Join Date: Mar 2000
Posts: 17,341
The email showed up in my box. I read it (that should be OK, right)? It seemed rather bizarre, so I presumed they had been hacked.
iahphx is offline  
Old May 26, 2006, 8:10 am
  #3  
 
Join Date: Sep 2002
Location: mystic island, nj, USA
Posts: 2,377
Hmmm,

Must be the work of __________ ? (fill in the name of your least fav exec)
PineyBob is offline  
Old May 26, 2006, 8:46 am
  #4  
 
Join Date: Apr 2000
Location: Long Island, NY
Programs: CoFounder and Chairman, FFOCUS (Frequent Flyers Organized and concerned about Unacceptable Service.
Posts: 1,341
My virus protection caught it just by trying to open US Aviation Forums. I didn't even have to open the email.

I suggest also that everyone who tried to open the forums dump their temp file folder in explorer as well.

I hope they fix it soon.
Art234 is offline  
Old May 26, 2006, 3:01 pm
  #5  
Original Poster
 
Join Date: Jul 2005
Location: LHR - PHL - LHR - PHL - MAN - PHL - LHR....
Programs: US CP
Posts: 1,180
I just opened US Aviation with no problems.

This announcement was posted:

UPDATE:

A hacker with a Dutch IP Address and Russian email address registered on our boards at 4am this morning. He was able to find a loop hole in the forum system that allowed him to post a script that gave him ADMINISTRATOR access.

He changed the source code to the forum template and sent 7000+ emails to our members. We caught it at 730am this morning.

We banned his IP address, deleted his access, and shut down new member registrations. We removed the corrupt code and sent a Virus warning message to the 7000 members. The forum creators will be upgrading the software today with security patches to prevent this from happening again. Until that happens, new member registration will not be allowed.

This was an attempt to hijack traffic from our site.

My sincerest apology to those who have been inconvenienced by this intrusion.

Kevin
Sally4th is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.