forum poisoning script kiddie tools


jdh
July 30th, 2007, 12:32 PM
VXers publish blog poisoning tool
Script kiddie tool foils captchas
By John Leyden

http://www.theregister.com/2007/07/30/blog_poisoning_tool/

XRumer can publish comments on sites created by phpBB, PHP-Nuke (with some modification), yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, and phorum.org. Usually, the spam message contains a link to pages infected with malware, although the tool can also be used to advertise websites through spam.

"The success of blogs, forums, etc, has not gone unnoticed to cyber crooks, who use them to try to infect as many people as possible," said Luis Corrons, technical director of PandaLabs.

Judy G. Russell
July 30th, 2007, 06:02 PM
VXers publish blog poisoning tool
Script kiddie tool foils captchas
We're aware of the risks and will do what's possible to keep them to a minimum. Fortunately, most people here aren't likely to fall for the sorts of things a script kiddie would post.

sidney
July 30th, 2007, 06:51 PM
XRumer can publish comments on sites created by phpBB, PHP-Nuke (with some modification), yaBB, VBulletin,...

The authors of VBulletin seem to be aware of XRumer (http://www.vbulletin.com/forum/archive/index.php/t-235239.html) and think that the latest CAPTCHA pictures, when correctly configured (http://www.vbulletin.com/forum/showthread.php?t=211647), are still beyond what the latest version of XRumer can handle. It does seem to be an ongoing war, though, as you can see from the series of pictures (http://blogs.pandasoftware.com/blogs/pandalabs/archive/2007/07/24/XRumer.aspx) of CAPTCHAs handled by successive versions of XRumer.

jdh
July 30th, 2007, 10:20 PM
Fortunately, most people here aren't likely to fall for the sorts of things a script kiddie would post.

According to what I understand, the users are probably professional criminals, only lacking computer tech skills. I assume a professional criminal would not have to be too smart to do some social engineering. e.g.

"Here's some nice photos I took at the electronics show."

or

"Nice view from top of Mt. Washington."

or

"Yet another White House privacy violation revealed"

etc.

I assume that they could not plant the malware directly on tapcis.com but just a link to the site where the malware distributing exploit was hosted, hosted either by intent or by infection. There are plenty of infected web servers out there and a bot pc could be turned into a web hosting PC too.

So for example, with Firefox and my NoScript extension of FF running, I would have javascript enabled for tapcis.com but NOT enabled for malwareinfectedsite.com, so I'd be relatively safe, even if I clicked a link spammed into a message on this forum. With MS IE7 perhaps you'd be infected unless you make it a rule never to click on links in messages from members you don't know. Or unless you had a security addon for MS IE (e.g. IE7Pro?).

DH

jdh
July 30th, 2007, 10:23 PM
The authors of VBulletin seem to be aware of XRumer (http://www.vbulletin.com/forum/archive/index.php/t-235239.html) and think that the latest CAPTCHA pictures, when correctly configured (http://www.vbulletin.com/forum/showthread.php?t=211647), are still beyond what the latest version of XRumer can handle. It does seem to be an ongoing war, though, as you can see from the series of pictures (http://blogs.pandasoftware.com/blogs/pandalabs/archive/2007/07/24/XRumer.aspx) of CAPTCHAs handled by successive versions of XRumer.

I don't remember if this forum is set up in vbulletin to require email address verification, but I assume that if the attack could get past the captcha, then email address verification would only slow the attack down by a few minutes?

DH

sidney
July 31st, 2007, 07:34 AM
if the attack could get past the captcha

There's always this :)


http://static.flickr.com/1267/962464082_e7af9a2814.jpg

Dan in Saint Louis
July 31st, 2007, 08:29 AM
There's always this :)


http://static.flickr.com/1267/962464082_e7af9a2814.jpg
Zero?

sidney
July 31st, 2007, 04:56 PM
Zero?

Well, I find the notation a little bit strange, but if they mean find the derivative with respect to x, rather than a partial derivative, and the part at the end means evaluate the derivative at x=2π, then the answer is 14. Remember that cos(v+π/2) = -sin(v) so you can simplify the second half of the expression into just -4sin(7x).

This captcha is from this registration page (http://random.irb.hr/signup.php) at a new web site that provides high quality random numbers from a quantum process high speed random number generator.

Judy G. Russell
July 31st, 2007, 06:22 PM
It does seem to be an ongoing war, though
Yep, sure is, and before the last round of vBulletin upgrades, we were losing the war. So far, we're holding our own and I hope vBulletin stays just that one step ahead from now on!

Dan in Saint Louis
July 31st, 2007, 06:23 PM
Well, I find the notation a little bit strange, but if they mean find the derivative with respect to x, rather than a partial derivative,
Has to be, since no other variables are defined.
and the part at the end means evaluate the derivative at x=2π,
Yes, that notation was common in my text books.
then the answer is 14. Remember that cos(v+π/2) = -sin(v) so you can simplify the second half of the expression into just -4sin(7x).
Ah, yes, I had temporary brain fade and was thinking that cos 0 = 0, when of course that would be sin 0 = 0.
This captcha is from this registration page (http://random.irb.hr/signup.php) at a new web site that provides high quality random numbers from a quantum process high speed random number generator.
And if you can't answer it, you don't deserve admission? I clearly would not have made it!

Judy G. Russell
July 31st, 2007, 06:48 PM
if you can't answer it, you don't deserve admission? I clearly would not have made it!
And I wouldn't even have tried...

Lindsey
July 31st, 2007, 10:08 PM
There's always this :)


http://static.flickr.com/1267/962464082_e7af9a2814.jpg
And the correct answer is what Dick Cheney told Pat Leahy on the floor of the Senate, yes?

--Lindsey

Judy G. Russell
July 31st, 2007, 11:07 PM
And the correct answer is what Dick Cheney told Pat Leahy on the floor of the Senate, yes?
ROFL!!!! Now that I could figure out!!!

Lindsey
July 31st, 2007, 11:31 PM
ROFL!!!! Now that I could figure out!!!
Hey, it's a much more human answer than crunching the numbers!

--Lindsey

Lindsey
July 31st, 2007, 11:41 PM
ROFL!!!! Now that I could figure out!!!
There is some justice in the world. I love that Cheney's public F-bombing of Leahy was cited by the Second Circuit Court of Appeals in striking down the FCC's draconian fines for spontaneous profanity in live broadcasts.

--Lindsey

Judy G. Russell
July 31st, 2007, 11:55 PM
There is some justice in the world. I love that Cheney's public F-bombing of Leahy was cited by the Second Circuit Court of Appeals in striking down the FCC's draconian fines for spontaneous profanity in live broadcasts.
Appropriately, as well, though there is no license required to speak in Cheney's case and there is in the broadcast world.