Software’s Vulnerability Leads To Thousands Of Hacked Websites

Weak link

Whether or not you’ve ever heard of vBulletin, you’ve likely visited a site that uses it. The software powers internet forums and is distributed by Internet Brands Inc. As Brian Krebs reports on his security blog, a recent announcement from Internet Brands warned vBulletin users to delete the directories “/install” and “/core/install” from sites running the 4.x and 5.x versions of the software. Doing so would close a security flaw. Unfortunately, roughly 35,000 sites failed to comply and were hacked via this vulnerability.

On sites that still had the directories in place, attackers could easily locate vulnerable forums and add administrator accounts of their own. Once a criminal has administrator access to a site, he has a number of harmful options.

A vBulletin spokesman says version 4.2.2 of the software fixes the problem, as will the upcoming 5.1.0 release. However, he recommends always removing the install folder regardless of which version of the software is in use.

If your site runs version 4.x or 5.x, it would be wise to check two things. First, confirm that you have removed the directories responsible for the vulnerability. Then review the administrator accounts on your site and make sure no additional account has been added without your knowledge.
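The two checks above, as an added example script that is not part of the original article and not code from vBulletin or Internet Brands. It assumes the forum’s web root is passed as the first argument, that the database uses vBulletin’s default `vb_` table prefix (override it with the second argument), and that administrators are usergroupid 6, vBulletin’s default Administrators group; verify those against your own installation before relying on it.

```shell
#!/bin/sh
# Added example (not from the article or from vBulletin): check a local
# vBulletin web root for the leftover install directories named in the
# advisory, and print a query for auditing the Administrators usergroup.
#
# Assumptions (not stated in the article):
#   - $1 is the forum's web root on the local filesystem
#   - the table prefix is "vb_" unless overridden by $2
#   - usergroupid 6 is the Administrators group (vBulletin default)

# Returns 0 if neither install directory exists, 1 if one or both remain.
check_install_dirs() {
    webroot="$1"
    found=0
    for d in install core/install; do
        if [ -d "$webroot/$d" ]; then
            echo "LEFTOVER: $webroot/$d still exists - remove it"
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "OK: no install directories under $webroot"
    fi
    return "$found"
}

# Prints the SQL to run against the forum database: every account whose
# primary group is Administrators or that lists group 6 among its
# additional groups, newest first, so an unexpected addition stands out.
# joindate is a unix timestamp in vBulletin's user table.
admin_audit_sql() {
    prefix="${1:-vb_}"
    cat <<EOF
SELECT userid, username, email, FROM_UNIXTIME(joindate) AS joined,
       usergroupid, membergroupids
FROM ${prefix}user
WHERE usergroupid = 6
   OR FIND_IN_SET('6', membergroupids)
ORDER BY joindate DESC;
EOF
}

# Usage: sh vb_check.sh /var/www/forum [table_prefix]
if [ -n "$1" ]; then
    check_install_dirs "$1"
    echo "Run this against the forum database and compare with the admins you expect:"
    admin_audit_sql "${2:-vb_}"
fi
```

The directory check exits non-zero when an install directory remains, so it can be dropped into a cron job or monitoring script that alerts if the directory ever reappears (for example after a careless upgrade). The SQL is printed rather than executed so you can run it with whatever credentials and client you normally use; compare its output against the administrators you know you created, paying particular attention to recent join dates.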

October 24th, 2013