15,000 vBulletin Forums Compromised to Serve Malware from Malicious PHP Code Injection

Sucuri, a site and security firm dedicated to web security issues, has discovered where cybercrooks have exploited serious vulnerabilities in older versions of the popular vBulletin web forum software.

There is an abundance of sites utilizing the vBulletin forum software. There are even some sites that build their entire web presence on the vBulletin platform as it provides many customization and modification options to suit the needs of various website types. In knowing how abundant use of vBulletin is hackers have compiled PHP code to inject into as many as 15,000 sites running vBulletin forum software.

In looking at vBulletin forum software, an expert would easily conclude that there are several components of the software that need to be working in synch for a properly developed site to operate. Some of these components have been pillaged by cybercrooks so they may take advantage of a vulnerability, hence the reason that so many updates to software like vBulletin is released almost on a weekly or monthly basis. In such a case, cybercrooks have compromised thousands of sites powered by vBulletin in an effort to spread various malware.

One particular part of vBulletin, as found by the security firm Sucuri, PHP code is injected and designed to contact the front.adabeupdate.com site to retrieve content from it. Sucuri explained "This allows the malware to be injected to the forum pages and pushed down to the visitors of the web site via iFrames. The content is all remotely generated, changing very often, but the format is always the same." PHP code is the programming language in which vBulletin forum software is primarily consisted of.

The vast size of this recent malicious PHP code injection campaign conducted by unknown cybercrooks has so far been based on the number of Google indexed pages containing a certain error when the server hosting the malicious downloads was taken down.

What is probably one of the easiest solutions to this newly discovered vulnerability for those who run older versions of vBulletin forum software on their website, is to update the software including all add-on components.

Since the attack of the malicious PHP code targets a certain component of vBulletin, it is advisable that all templates and plugins of the software be updated and checked for malicious components. You can think of this vulnerability to be much like common PC malware threats, where they seek out vulnerabilities, usually from outdated software. It behooves you to keep all of your software updated to help prevent malicious attacks, just as vBulletin site webmasters should do with all related components of the popularized forum software.