02-28-2014, 03:11 PM | #1 |
Fully Converged
Posts: 18,171
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Detected Malware 02/18 @ 08:40 EDT
Today the account of one of our moderators was compromised. As a result an attacker used this account at 8:41 AM EDT and injected malicious cross-site-scripting code into our forum software with the goal to gain access to the database. At 9:19 AM EDT team members discovered and removed the code and locked down the compromised account. Due to existing safety measures, access to the database did not occur.
Given the nature of this attack, we contacted everyone who loaded the malicious code (around 30 members) with the suggestion to proactively change their user passwords. Our apologies for the inconvenience. Cheers, Alexander MobileRead Team |
03-01-2014, 10:42 AM | #2 |
Scholar
Posts: 1,009
Karma: 3999312
Join Date: Aug 2008
Location: Denmark
Device: Kobo Libra H2O + iPad Air 4
|
Uh, I feel special now.
*Changed his password* |
Advert | |
|
03-01-2014, 03:14 PM | #3 |
When's Doughnut Day?
Posts: 10,059
Karma: 13675475
Join Date: Jul 2007
Location: Houston, TX, US
Device: Sony PRS-505, iPad
|
Thank you, Alexander, for once again being on top of things and being open about it.
|
03-01-2014, 08:44 PM | #4 |
Grand Sorcerer
Posts: 11,310
Karma: 43993832
Join Date: Feb 2010
Location: Monroe Wisconsin
Device: K3, Kindle Paperwhite, Calibre, and Mobipocket for Pc (netbook)
|
I never even noticed a thing. Guess I missed the (unwanted) excitement.
|
03-02-2014, 04:24 AM | #5 |
Treachery of images ...
Posts: 4,069
Karma: 91561091
Join Date: May 2012
Location: Australia
Device: Blackberry Playbook, Sony 650, Kobo Glo, H2O, Aura One, Forma, Libra 2
|
Thank you Alexander for alerting the Community about this attack.
It comforts me to know that you have security measures in place to handle such an attack and/or compromised situation. Special thanks to the Moderators who were so quick off the mark. |
Advert | |
|
03-02-2014, 11:59 AM | #6 |
Wizard
Posts: 3,388
Karma: 14190103
Join Date: Jun 2009
Location: Berlin
Device: Cybook, iRex, PB, Onyx
|
So, have you thrown the commander overboard?
Thanks to the mods who have been so attentive and knowledgeable! |
03-12-2014, 04:21 PM | #7 | |
Fanatic
Posts: 580
Karma: 1309104
Join Date: Oct 2011
Location: BC,Canada/NV, USA
Device: iPad 9th Gen, iPhone 11, Paperwhite 10th Gen.
|
Quote:
Just curious, how would you know who loaded the malicious code? Did it require downloading something or did one just have to land on the wrong page with malicious code loaded into a signature on someone's post or...what? I guess I'm a little paranoid, but I know sometimes just landing on a web page can get one's computer infected. |
|
03-12-2014, 04:23 PM | #8 |
Force-Aware Elf
Posts: 4,757
Karma: 11557898
Join Date: Feb 2014
Location: Valinor
Device: Kindle 4 w/SO
|
or even closing one
|
03-12-2014, 09:07 PM | #9 |
Fanatic
Posts: 580
Karma: 1309104
Join Date: Oct 2011
Location: BC,Canada/NV, USA
Device: iPad 9th Gen, iPhone 11, Paperwhite 10th Gen.
|
I'm unsure about the nature or intention of this post. I was referring to what is commonly known as a "drive by download".
https://blogs.mcafee.com/consumer/drive-by-download |
03-13-2014, 06:44 AM | #10 | |
Fully Converged
Posts: 18,171
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Quote:
So in a nutshell, this code was not about infecting your computer (it didn't), but about using your MobileRead credentials to execute administrator commands. Kinda like a brute force attack not caring whether you are actually an administrator or not. |
|
03-13-2014, 12:23 PM | #11 |
Fanatic
Posts: 580
Karma: 1309104
Join Date: Oct 2011
Location: BC,Canada/NV, USA
Device: iPad 9th Gen, iPhone 11, Paperwhite 10th Gen.
|
OK. Thanks, Alexander.
|
03-13-2014, 07:25 PM | #12 | |
Force-Aware Elf
Posts: 4,757
Karma: 11557898
Join Date: Feb 2014
Location: Valinor
Device: Kindle 4 w/SO
|
Quote:
|
|
03-13-2014, 07:28 PM | #13 |
Force-Aware Elf
Posts: 4,757
Karma: 11557898
Join Date: Feb 2014
Location: Valinor
Device: Kindle 4 w/SO
|
you mentioned "landing on a page can get ones computer infected"...
|
03-13-2014, 08:25 PM | #14 | |
Fanatic
Posts: 580
Karma: 1309104
Join Date: Oct 2011
Location: BC,Canada/NV, USA
Device: iPad 9th Gen, iPhone 11, Paperwhite 10th Gen.
|
Quote:
Now that you mention it, about things trying to install when you close a web page, a while back I went to a page where a popup window showed up offering to download something, and clicking on any button in that window (even if it said "no" or "cancel") would start a download, or even using the red 'x' in the corner to close the window would start the download. I think in that case I closed the entire browser and ran a scan with Malwarebytes, which did find a partial of a malware file. I've also had it happen where I've gone to a web page and my AV software popped up a warning about some malware of some sort trying to run. If my memory is correct, I think that was a java exploit, which my antivirus software blocked. (I don't have java on my windows machines anymore.) When I read Alexander's post, I had wondered if it was that sort of exploit in a signature or something like that that Alexander was referring to. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Scheduled Maintenance June 18 (Tuesday) @ 3:00am EDT | Alexander Turcic | Announcements | 6 | 06-16-2013 04:59 PM |
Scheduled Maintenance 03/10 @ 05:00 EDT | Alexander Turcic | Announcements | 5 | 03-17-2013 06:40 AM |
Scheduled Maintenance 07/03 @ 05:00 EDT | Alexander Turcic | Announcements | 0 | 07-02-2012 03:00 AM |
Scheduled Maintenance 06/24 @ 05:00 EDT | Alexander Turcic | Announcements | 4 | 06-25-2012 03:29 AM |
Scheduled maintenance 08/03 @ 4am EDT | Alexander Turcic | Announcements | 13 | 08-03-2008 10:52 AM |