AKAAB -
We had a blanket message on all the forums for a few days - I just pulled it yesterday. You must have missed it. Perhaps you were offline during the holiday?
We run a forum application created by Invision Power Board. They are pretty big as forums go...NASA, SONY, Blue Cross, and numerous Professional Sports Sites use their forums for their online communities.
We were running version 2.1.4. Hackers with a Russian IP address were able to register on our boards and post a message with malicious code. This image actually contained malicious script that enabled the hacker to gain back door access to the forum administration area.
The hackers then proceeded to add malicious code to the forum skin (the front end). This code basically hijacked anyone who did not have anti-virus/worm/Trojan protection and took them to the hackers site....some type of advertisement/pay per click page.
Furthermore, the hacker sent a mass email using the administrative bulk email manager. The email was sent to anyone who has registered on USaviation.com. This email contained a link to download a spyware/adware type program. Once loaded, this program would direct you to their site whenever you tried to get online.
What we have done. Firstly - we realized we had been compromised 2 hours after we were hacked. We immediately shut down new registrations, emailed the members with a Virus Alert, pin pointed the hacker's registration and banned the IP address, deleted the member, contacted his ISP with a complaint. Our server database was then scrubbed and the malicious back door code was removed. We then removed the malicious code from the forum skin. We then had the forum makers upgrade our boards to a newer version. They uploaded security patches to prevent this type of penetration and verified that all malicious code/data was indeed removed. We got the green light.
I sincerely apologize for your inconvenience.
Sincerely,
Kevin
US AViation Administrator