Malicious Spammer Alert

Hey guys,

Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.

These comments, due to a small security hole in one of the parsers, were able to embed an iframe on the page. It would then in turn try to target out-of-date versions of Flash.

We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.

I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.

We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your Flash version; if you have a vulnerable version, please run a virus scanner and try to make sure all is good.

If anyone discovers more information about what exactly they were trying to do, the effectiveness, and detection/cleanup techniques, please post them in the comments.
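
One way to run the cleanup and the render-time block described in the post, as an added example that is not part of the original post or the site's own code: audit what the comment parser actually rendered against a tag allowlist, instead of trusting the parser. The allowlist, the function names and the sample comments are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed allowlist for rendered comment markup; the site's real list is not on the page.
ALLOWED_TAGS = {"a", "b", "blockquote", "br", "code", "em", "i", "li", "ol", "p",
                "pre", "strong", "ul"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")


class RenderedCommentAudit(HTMLParser):
    """Collects every tag or attribute in rendered HTML that is off the allowlist."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME> is caught too.
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag:{tag}")
            return
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.findings.append(f"attr:{tag}.{name}")
            elif name == "href" and not (value or "").strip().lower().startswith(SAFE_SCHEMES):
                self.findings.append(f"href:{value}")


def audit_rendered(html):
    """Return the list of allowlist violations found in one rendered comment."""
    parser = RenderedCommentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def sweep(rendered_comments):
    """Return {comment_id: findings} for comments whose rendered HTML must not be served."""
    return {cid: found for cid, html in rendered_comments.items()
            if (found := audit_rendered(html))}


# Constructed sample of parser output, keyed by hypothetical comment id.
SAMPLE = {
    101: '<p>Great addon, <b>thanks</b>! <a href="https://example.org/guide">guide</a></p>',
    102: '<p>nice</p><IFRAME src="http://placeholder.invalid/" width="0" height="0"></IFRAME>',
    103: '<p onmouseover="x()">hi</p>',
    104: '<a href="javascript:void(0)">link</a>',
}
```

The same `audit_rendered` check can run once over stored comments to find what needs cleaning up and again at render time, so a future parser bug fails closed.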



  • 6 comments
  • honem Dec 05, 2008 at 05:33 UTC - 0 likes

    Thank you Kaelten.

    Some silly billies on the UI/Macros forums on the wow site took your statement of "...to spam a few thousand comments on the website" to mean "comments on the Curse gaming site especially the comments on the Quest Helper addon page".

    Some people have really strange leaps of logic these days. Thank you to Arrowmaster for posting on the thread in question.

  • Kaelten Dec 05, 2008 at 05:03 UTC - 0 likes

    curseforge and wowace

    WowAce.com & CurseForge.com Administrator
    Check out my new addon, OneChoice, it helps you pick quest rewards faster.
    Developer of Ace3, OneBag3, and many other addons and libraries
    Project lead and Mac developer for the Curse Client

  • honem Dec 05, 2008 at 01:58 UTC - 0 likes

    Um, was this the curse site, curseforge site or wowace.com site?

  • Wintrow2 Dec 04, 2008 at 08:42 UTC - 0 likes

    Lol, I check my version of flash: 9.0 r124

    If that's not luck I don't know what is

    EDIT: Ow yeah, I use Firefox, so no problem for me even if I were using an out of date version?

  • honem Dec 02, 2008 at 16:41 UTC - 0 likes
    ( For some reason I feel violated :(

    Hold me Kaelten :(

  • kakidot Dec 02, 2008 at 04:07 UTC - 0 likes

    IE 7 saw the project page.. but tab browser (Maxthon) did not see the page... (do not run javascript, tab browsers do, but not login...) (I use flash 10 and IE7)


Facts

Date created: Dec 02, 2008
Last updated: Dec 02, 2008