TapcisForum: forum poisoning script kiddie tools

#1  July 30th, 2007, 12:32 PM
jdh (Registered User++)

VXers publish blog poisoning tool
Script kiddie tool foils captchas
By John Leyden

http://www.theregister.com/2007/07/3...oisoning_tool/

XRumer can publish comments on sites created by phpBB, PHP-Nuke (with some modification), yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, and phorum.org. Usually, the spam message contains a link to pages infected with malware, although the tool can also be used to advertise websites through spam.

"The success of blogs, forums, etc, has not gone unnoticed to cyber crooks, who use them to try to infect as many people as possible," said Luis Corrons, technical director of PandaLabs.
#2  July 30th, 2007, 06:02 PM
Judy G. Russell (Chief Cook & BottleWasher)

Quote (Originally Posted by jdh):
VXers publish blog poisoning tool
Script kiddie tool foils captchas
We're aware of the risks and will do what's possible to keep them to a minimum. Fortunately, most people here aren't likely to fall for the sorts of things a script kiddie would post.
-- jgr

#3  July 30th, 2007, 06:51 PM
sidney (biocryptologist)

Quote (Originally Posted by jdh):
XRumer can publish comments on sites created by phpBB, PHP-Nuke (with some modification), yaBB, VBulletin,...
The authors of VBulletin seem to be aware of XRumer and think that the latest CAPTCHA pictures, when correctly configured, are still beyond what the latest version of XRumer can handle. It does seem to be an ongoing war, though, as you can see from the series of pictures of CAPTCHAs handled by successive versions of XRumer.
#4  July 30th, 2007, 10:20 PM
jdh (Registered User++)

Quote (Originally Posted by Judy G. Russell):
Fortunately, most people here aren't likely to fall for the sorts of things a script kiddie would post.
According to what I understand, the users are probably professional criminals, only lacking computer tech skills. I assume a professional criminal would not have to be too smart to do some social engineering. e.g.

"Here's some nice photos I took at the electronics show."

or

"Nice view from top of Mt. Washington."

or

"Yet another White House privacy violation revealed"

etc.

I assume that they could not plant the malware directly on tapcis.com, but just a link to the site where the malware-distributing exploit was hosted, either by intent or by infection. There are plenty of infected web servers out there, and a bot PC could be turned into a web hosting PC too.

So for example, with Firefox and my NoScript extension for FF running, I would have JavaScript enabled for tapcis.com but NOT enabled for malwareinfectedsite.com, so I'd be relatively safe, even if I clicked a link spammed into a message on this forum. With MS IE7 perhaps you'd be infected unless you make it a rule never to click on links in messages from members you don't know. Or unless you had a security add-on for MS IE (e.g. IE7Pro?).

DH
#5  July 30th, 2007, 10:23 PM
jdh (Registered User++)

Quote (Originally Posted by sidney):
The authors of VBulletin seem to be aware of XRumer and think that the latest CAPTCHA pictures, when correctly configured, are still beyond what the latest version of XRumer can handle. It does seem to be an ongoing war, though, as you can see from the series of pictures of CAPTCHAs handled by successive versions of XRumer.
I don't remember if this forum is set up in vBulletin to require email address verification, but I assume that if the attack could get past the captcha, then email address verification would only slow the attack down by a few minutes?

DH
#6  July 31st, 2007, 07:34 AM
sidney (biocryptologist)

Quote (Originally Posted by jdh):
if the attack could get past the captcha
There's always this

#7  July 31st, 2007, 08:29 AM
Dan in Saint Louis (Member)

Quote (Originally Posted by sidney):
There's always this

Zero?
--Dan in Saint Louis

#8  July 31st, 2007, 04:56 PM
sidney (biocryptologist)

Quote (Originally Posted by Dan in Saint Louis):
Zero?
Well, I find the notation a little bit strange, but if they mean find the derivative with respect to x, rather than a partial derivative, and the part at the end means evaluate the derivative at x=2π, then the answer is 14. Remember that cos(v+π/2) = -sin(v), so you can simplify the second half of the expression into just -4sin(7x).

This captcha is from this registration page at a new web site that provides high quality random numbers from a quantum process high speed random number generator.

Last edited by sidney; July 31st, 2007 at 05:11 PM. Reason: Whoops, tyop on the minus sign :)
#9  July 31st, 2007, 06:22 PM
Judy G. Russell (Chief Cook & BottleWasher)

Quote (Originally Posted by sidney):
It does seem to be an ongoing war, though
Yep, sure is, and before the last round of vBulletin upgrades, we were losing the war. So far, we're holding our own and I hope vBulletin stays just that one step ahead from now on!
-- jgr

#10  July 31st, 2007, 06:23 PM
Dan in Saint Louis (Member)

Quote (Originally Posted by sidney):
Well, I find the notation a little bit strange, but if they mean find the derivative with respect to x, rather than a partial derivative,
Has to be, since no other variables are defined.
Quote:
and the part at the end means evaluate the derivative at x=2π,
Yes, that notation was common in my text books.
Quote:
then the answer is 14. Remember that cos(v+π/2) = -sin(v) so you can simplify the second half of the expression into just -4sin(7x).
Ah, yes, I had temporary brain fade and was thinking that cos 0 = 0, when of course that would be sin 0 = 0.
Quote:
This captcha is from this registration page at a new web site that provides high quality random numbers from a quantum process high speed random number generator.
And if you can't answer it, you don't deserve admission? I clearly would not have made it!
--Dan in Saint Louis

#11  July 31st, 2007, 06:48 PM
Judy G. Russell (Chief Cook & BottleWasher)

Quote (Originally Posted by Dan in Saint Louis):
if you can't answer it, you don't deserve admission? I clearly would not have made it!
And I wouldn't even have tried...
-- jgr

#12  July 31st, 2007, 10:08 PM
Lindsey (I'm here for the beer)

Quote (Originally Posted by sidney):
There's always this

And the correct answer is what Dick Cheney told Pat Leahy on the floor of the Senate, yes?

--Lindsey
#13  July 31st, 2007, 11:07 PM
Judy G. Russell (Chief Cook & BottleWasher)

Quote (Originally Posted by Lindsey):
And the correct answer is what Dick Cheney told Pat Leahy on the floor of the Senate, yes?
ROFL!!!! Now that I could figure out!!!
-- jgr

#14  July 31st, 2007, 11:31 PM
Lindsey (I'm here for the beer)

Quote (Originally Posted by Judy G. Russell):
ROFL!!!! Now that I could figure out!!!
Hey, it's a much more human answer than crunching the numbers!

--Lindsey
#15  July 31st, 2007, 11:41 PM
Lindsey (I'm here for the beer)

Quote (Originally Posted by Judy G. Russell):
ROFL!!!! Now that I could figure out!!!
There is some justice in the world. I love that Cheney's public F-bombing of Leahy was cited by the Second Circuit Court of Appeals in striking down the FCC's draconian fines for spontaneous profanity in live broadcasts.

--Lindsey
#16  July 31st, 2007, 11:55 PM
Judy G. Russell (Chief Cook & BottleWasher)

Quote (Originally Posted by Lindsey):
There is some justice in the world. I love that Cheney's public F-bombing of Leahy was cited by the Second Circuit Court of Appeals in striking down the FCC's draconian fines for spontaneous profanity in live broadcasts.
Appropriately, as well, though there is no license required to speak in Cheney's case and there is in the broadcast world.
-- jgr