Torrentreactor breach serves potent exploit in Security http://www.dslreports.com/forum/r22639664 en Fri, 04 Dec 2009 11:51:54 EDT Fri, 04 Dec 2009 11:51:54 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22649209 siljaline : TorrentReactor Users Suffer Rootkit Attack
»torrentfreak.com/torrentreactor-···-090702/]]> http://www.dslreports.com/forum/remark,22649209 Fri, 03 Jul 2009 11:12:15 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22641849 Doctor Four : Well there goes another of my bookmarked torrent sites. I haven't visited them in more than a year because I thought the new site style was pretty crappy, and seemed to allow a lot of junk (which likely included fakes) in the categories.

But I suppose like other iframe injections, if you're using Firefox and NoScript, nothing is going to happen anyway unless you do something dangerous like allow all scripts.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
]]> http://www.dslreports.com/forum/remark,22641849 Wed, 01 Jul 2009 20:06:41 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22641784 siljaline : Let's just chalk it up to a Canada Day, silly moment. ]]> http://www.dslreports.com/forum/remark,22641784 Wed, 01 Jul 2009 19:55:41 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22641458 mysec : Note that this exploit is following the trend of packaging both browser and plugin exploits, hoping to catch something unpatched.

The browser exploit is for IE6 (MDAC, MS06-014) and Microsoft Office Snapshot Viewer which works on IE6 and I think IE7.

Both of these have been long since patched.

The plugin exploits are for Adobe Acrobat Reader and Adobe Shockwave, and of course, will work in any browser.

These require a vulnerable verision of the application and plugins enabled.

Pretty typical stuff these days.

Hopefully everyone is aware of how to protect against this, but I still mention it to people just to be sure.



----
rich]]> http://www.dslreports.com/forum/remark,22641458 Wed, 01 Jul 2009 18:45:30 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22640987 Stem Bolt :
said by siljaline See Profile :

That is the actually article is more to-the-point in the URL I posted. Sorry if you are/were offended, none intended ;)
I'm not offended. Both articles say the same thing. What did you find "more to the point" in the article you posted? Just curious.
--
Dr. Web 5.0 + ThreatFire + Router/SPI]]> http://www.dslreports.com/forum/remark,22640987 Wed, 01 Jul 2009 17:18:20 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22640748 anon : Site seems ok, I cannot see nothing bad there.]]> http://www.dslreports.com/forum/remark,22640748 Wed, 01 Jul 2009 16:54:24 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22640294 siljaline : That is the actually article is more to-the-point in the URL I posted. Sorry if you are/were offended, none intended ;)]]> http://www.dslreports.com/forum/remark,22640294 Wed, 01 Jul 2009 15:04:34 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22640173 Stem Bolt :
said by siljaline See Profile :

Basically the same here Stem Bolt See Profile :)
»securitylabs.websense.com/conten···430.aspx
Yeah, what's your point?
--
Dr. Web 5.0 + ThreatFire + Router/SPI]]> http://www.dslreports.com/forum/remark,22640173 Wed, 01 Jul 2009 14:39:32 EDT Re: Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22639978 siljaline : Basically the same here Stem Bolt See Profile :)
»securitylabs.websense.com/conten···430.aspx]]> http://www.dslreports.com/forum/remark,22639978 Wed, 01 Jul 2009 14:04:16 EDT Torrentreactor breach serves potent exploit http://www.dslreports.com/forum/remark,22639664 Stem Bolt : »www.theregister.co.uk/2009/07/01···_breach/
quote:
Torrentreactor has long been regarded as one of the top bit torrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says.

Attackers have managed to inject an iframe into the site that scours Torrentreactor visitors' computers from a long list of vulnerable applications, including Adobe's Reader and Shockwave programs and Microsoft's Internet Explorer and Office Snapshot Viewer. When it finds one, it downloads and runs a malicious file.

According to Websense, the malware has an extremely low detection rate, with just two of 32 anti-virus engines identifying the threat. Once executed, it installs a rootkit on victims' machines.

The malicious file in the latest compromise communicates with a server at 78.109.29.116, an IP address that web searches suggest has ties to the Russian Business Network. We'll be steering clear of this site for the time being.

--
Dr. Web 5.0 + ThreatFire + Router/SPI]]> http://www.dslreports.com/forum/remark,22639664 Wed, 01 Jul 2009 13:08:42 EDT