US Aviation forum compromised - VIRUS
#1
Original Poster
Join Date: Jul 2005
Location: LHR - PHL - LHR - PHL - MAN - PHL - LHR....
Programs: US CP
Posts: 1,180
US Aviation forum compromised - VIRUS
Did anyone else get an email from US Aviation regarding "www.christianteenforums.com?"
It refers to "http://(XXX)traffmoney1.biz/dl/loadadv608.exe" and my virus blocker caught an "invasion attempt" from trafficmoney1 when I just opened US Aviation today???
US Aviation has since sent the following email:
Do not open any links on an email you received from US Aviation earlier today. It contains a link to a virus. Our site was compromised and someone sent a fraudulent email to our members. We apologize for the inconvenience, and are working to correct the problem.
#2
FlyerTalk Evangelist
Join Date: Mar 2000
Posts: 17,458
The email showed up in my box. I read it (that should be OK, right)? It seemed rather bizarre, so I presumed they had been hacked.
#3
Join Date: Sep 2002
Location: mystic island, nj, USA
Posts: 2,377
Hmmm,
Must be the work of __________ ? (fill in the name of your least fav exec)
#4
Join Date: Apr 2000
Location: Long Island, NY
Programs: CoFounder and Chairman, FFOCUS (Frequent Flyers Organized and concerned about Unacceptable Service).
Posts: 1,341
My virus protection caught it just by trying to open US Aviation Forums. I didn't even have to open the email.
I suggest also that everyone who tried to open the forums dump their temp file folder in explorer as well.
I hope they fix it soon.
#5
Original Poster
Join Date: Jul 2005
Location: LHR - PHL - LHR - PHL - MAN - PHL - LHR....
Programs: US CP
Posts: 1,180
I just opened US Aviation with no problems.
This announcement was posted:
UPDATE:
A hacker with a Dutch IP Address and Russian email address registered on our boards at 4am this morning. He was able to find a loophole in the forum system that allowed him to post a script that gave him ADMINISTRATOR access.
He changed the source code to the forum template and sent 7000+ emails to our members. We caught it at 730am this morning.
We banned his IP address, deleted his access, and shut down new member registrations. We removed the corrupt code and sent a Virus warning message to the 7000 members. The forum creators will be upgrading the software today with security patches to prevent this from happening again. Until that happens, new member registration will not be allowed.
This was an attempt to hijack traffic from our site.
My sincerest apology to those who have been inconvenienced by this intrusion.
Kevin