Site Virus, so what really happened....

Status
Not open for further replies.

froglips

New User
Jim Campbell
Bottom line, a big hole in an add-on product, VBSEO, let in the malicious code.

Evildoers used this hole to inject some very highly obfuscated code into our database.

That bad code was injected above our normal html for anyone who was not logged in.

It set a cookie on the infected user's computer and tried to run a random remote script to do "who knows what". The random nature accounts for why we got different specific virus reports.

Luckily, many of our Windows users were running virus scanning programs that recognized the problem.

There are two threads of interest, if you wish to know more.
Vbulletin: http://www.vbulletin.com/forum/showthread.php?361938-Code-randomly-injected-into-our-vbulletin-pages

VBSEO: http://www.vbseo.com/f5/security-bulletin-vbseo-3-5-2-released-45358/

Currently, we have disabled VBSEO so the hole has been plugged for now.

RWH (Real Web Host) worked with us to restore the database prior to the infection and then bring back our threads/posts and pictures.

The Admin staff is reviewing VBSEO to determine its future.

I'd like to say this won't happen again, but alas, it's just part of the deal. Hopefully, if future incidents occur, we'll be able to minimize the impact.

Thanks,
Jim
 

b4man

New User
Barbara
Froggy,

I have got to tell you

You are one amazing guy!


I was absent for most of the drama and for once I'm grateful I've been otherwise engaged. I have always heard that no one is irreplaceable and that may have once been true but no longer. You could never be replaced here and what you mean to us is unequaled to anyone else.

My sincere thanks, all my respect and my love for this site goes to you my friend.

Barbara
 

Bas

Recovering tool addict
Bas
Corporate Member
Well, those threads were certainly enlightening. The way the hacker was able to cover his tracks through encoding certainly made this one impossible to find. I could admire the cleverness if I didn't want to strangle this person and then run him through my surface planer.
 

froglips

New User
Jim Campbell
Call me if you need someone to man the outfeed table :)

Jim
