Today Neowin suffered yet another attack on its forums and main news pages. An exploit allowed the attacker to place an iframe linking to a website that prompts visitors to download a plug-in.
Not content with doing that alone, the attacker also managed to send out a bulk mail asking forum members to install a trojan called win32.exe, we hope our guests never install anything they aren't sure of and secondly Neowin would never ask you to run an executable from a bulk mailer.
The message is as follows, please disregard it if you have received it.
From: Neowin Forums [firstname.lastname@example.org]
Sent: 06 December 2007 3:41 PM
To: Tom Warren
Subject: Our New Software! ( Neowin Forums )
Dear creamhackered, our forum presents you our new software: NeoWin 1.0. It will ease your browsing our site and forum. Please download and install it.
NeoWin 1.0: Snipped URL to trojan
At the moment we are trying to trace how the attacker was able to modify Neowin so it can be avoided in the future. One thing is for sure though, you suck whoever you are.
Update: OK it seems like the guy got in through a flaw in our phpMyAdmin software. Timdorr is working on it with Marcel Klum, the other staff have all been busy removing IFRAMES from the forum and Main page. Thanks Rob!
Link: Here is where the "hacker" lives