email re www.christianteenforums.com from US Aviation?

Sally4th

Nov 29, 2005
Did anyone else get an email from US Aviation regarding www.christianteenforums.com?

It refers to "http://traffmoney1.biz/dl/loadadv608.exe" and my virus blocker caught an "invasion attempt" from trafficmoney1 when I just opened US Aviation today??? :shock:
 
Question answered, 2nd email reporting virus just received. In case you have not read your email:

Do not open any links on an email you received from US Aviation earlier today. It contains a link to a virus. Our site was compromised and someone sent a fraudulent email to our members. We apologize for the inconvenience, and are working to correct the problem.
 
I didn't open the email and deleted it immediately when I saw it was trying to send me to a non-aviation site, but I still got fully invaded through the preview pane in Outlook. I've got all the virus protection in the world, but it still got into my laptop. I've just spent two entire days trying to clean and restore my system.

For the record, I think it would be appropriate for USAviation to give us a little more information on what happened and how it's going to be prevented from happening again.

The silence is deafening...
 
AKAAB -

We had a blanket message on all the forums for a few days - I just pulled it yesterday. You must have missed it. Perhaps you were offline during the holiday?

We run a forum application created by Invision Power Board. They are pretty big as forums go...NASA, SONY, Blue Cross, and numerous Professional Sports Sites use their forums for their online communities.

We were running version 2.1.4. Hackers with a Russian IP address were able to register on our boards and post a message with malicious code. This image actually contained malicious script that enabled the hacker to gain back door access to the forum administration area.

The hackers then proceeded to add malicious code to the forum skin (the front end). This code basically hijacked anyone who did not have anti-virus/worm/Trojan protection and took them to the hackers' site... some type of advertisement/pay-per-click page.

Furthermore, the hacker sent a mass email using the administrative bulk email manager. The email was sent to anyone who has registered on USaviation.com. This email contained a link to download a spyware/adware type program. Once loaded, this program would direct you to their site whenever you tried to get online.

What we have done. Firstly - we realized we had been compromised 2 hours after we were hacked. We immediately shut down new registrations, emailed the members with a Virus Alert, pinpointed the hacker's registration and banned the IP address, deleted the member, and contacted his ISP with a complaint. Our server database was then scrubbed and the malicious back door code was removed. We then removed the malicious code from the forum skin. We then had the forum makers upgrade our boards to a newer version. They uploaded security patches to prevent this type of penetration and verified that all malicious code/data was indeed removed. We got the green light.

I sincerely apologize for your inconvenience.

Sincerely,
Kevin
US Aviation Administrator
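
The administrator's post above says a posted image carried script that led to admin access. As an added illustration (not code from Invision Power Board or from US Aviation), here is one way a forum could screen image uploads before storing them. The function names and sample bytes are constructed for this example, and the thread does not say how the 2.1.4 flaw actually worked.

```python
import re

# Leading signatures of the image types a forum would normally accept.
SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Markup tokens that have no business inside image data. A browser that guesses
# the content type from the bytes may render a file containing them as HTML.
ACTIVE_CONTENT = re.compile(
    rb"<\s*(script|iframe|html|body|img|object|embed|svg)\b"
    rb"|javascript\s*:|<\?php|\bon(error|load)\s*=",
    re.IGNORECASE,
)

def image_type(data: bytes):
    """Return 'gif', 'png' or 'jpeg' from the leading bytes, else None."""
    for name, magics in SIGNATURES.items():
        if data.startswith(magics):
            return name
    return None

def screen_upload(filename: str, data: bytes):
    """Return (accepted, reasons). Any reason means the upload is rejected."""
    reasons = []
    kind = image_type(data)
    if kind is None:
        reasons.append("no recognised image signature")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = "jpeg" if ext == "jpg" else ext
    if kind is not None and ext != kind:
        reasons.append(f"extension .{ext} does not match {kind} content")
    hit = ACTIVE_CONTENT.search(data)  # a valid header alone proves nothing
    if hit:
        reasons.append(f"active content at byte {hit.start()}: {hit.group(0)!r}")
    return (not reasons, reasons)

# Constructed samples: a minimal 1x1 GIF, and a file that starts with a GIF
# header but carries a harmless script marker after it.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff,"
             b"\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
POLYGLOT = b"GIF89a<script>/* constructed test marker */</script>"

if __name__ == "__main__":
    for name, blob in (("avatar.gif", CLEAN_GIF), ("avatar.gif", POLYGLOT)):
        print(name, screen_upload(name, blob))
```

A byte scan like this is only a first filter. Re-encoding the image on the server and serving uploads with a fixed image Content-Type are the stronger controls.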
 
Thanks for the explanation. During the "event" I could not access the forums at all so I did not see any blanket message. I did receive the warning email, but well after the hackers got into my system. The annoying thing is that I have active anti-virus/anti-trojan software running and it still managed to get something under the radar into my system...

Now, it looks like enough damage has been done to require a complete format and reload to get it out. We've been trying to sniff out one last trojan that eludes us and keeps dropping randomly named .exe into my Windows/temp file.

Hackers should be castrated...