Hey guys,
Another jerk or group of jerks took advantage of the holiday weekend to spam a few thousand comments on the website.
These comments, due to a small security hole in one of the parsers, were able to embed an iframe on the page. It would then in turn try to target out-of-date versions of Flash.
We've cleaned up any of the comments that we can find, prevented any further ones from rendering, and plugged the leak in the parsers.
I'm not sure exactly what he was trying to install on machines, but I know it looks like it specifically targeted IE with Flash lower than 9 r124.
We're doing what we can to ensure that this type of attack on our users is impossible in the future. Please check your Flash version; if you have a vulnerable version, please run a virus scanner and try to make sure all is good.
If anyone discovers more information about what exactly they were trying to do, the effectiveness, and detection/cleanup techniques, please post them in the comments.
- 6 comments
Facts
- Date created
- 02 Dec 2008
- Last updated
- 02 Dec 2008
- #6
honem Fri, 05 Dec 2008 05:33:27
Thank you Kaelten.
Some silly billies on the UI/Macros forums on the WoW site took your statement of "...to spam a few thousand comments on the website" to mean "comments on the Curse gaming site especially the comments on the Quest Helper addon page".
Some people have really strange leaps of logic these days. Thank you to Arrowmaster for posting on the thread in question.
- #5
Kaelten Fri, 05 Dec 2008 05:03:22
curseforge and wowace
WowAce.com & CurseForge.com Administrator
Check out my new addon, OneChoice, it helps you pick quest rewards faster.
Developer of Ace3, OneBag3, and many other addons and libraries
Project lead and Mac developer for the Curse Client
- #4
honem Fri, 05 Dec 2008 01:58:51
Um, was this the curse site, curseforge site or wowace.com site?
- #3
Wintrow2 Thu, 04 Dec 2008 08:42:45
Lol, I check my version of Flash: 9.0 r124
If that's not luck I don't know what is
EDIT: Ow yeah, I use Firefox, so no problem for me even if I were using an out of date version?
- #2
honem Tue, 02 Dec 2008 16:41:05
Hold me Kaelten :(
- #1
kakidot Tue, 02 Dec 2008 04:07:19
IE 7 saw the project page.. but tab browser (Maxthon) did not see the page... (do not run JavaScript, tab browsers do, but not login...) (I use Flash 10 and IE7)