Posted on 06/01/2006 4:13:11 PM PDT by holymoly
Part of the Circuit City Web site was hacked and used in an attempt to install malicious code on PCs of unknowing visitors, the electronics retailer said Thursday.
Cybercrooks were able to break in and modify a home theater message board on Circuit City's Web site, said Bill Cimino, a spokesman for Circuit City of Richmond, Va. Over an approximately two-week period, visitors to the board were subsequently sent to a site in Russia that attempted to install a "backdoor" on their PCs that gives the attackers remote access, he said.
Circuit City was made aware of the attack on Thursday by the SANS Internet Storm Center, Cimino said. The company took down the message board, operated by a third party, and is in the process of notifying the 1,000 or so registered users of the online forum, he said.
"At this point we think approximately 200 users visited the site while the exploit was active," Cimino said. Those people are registered users of the message board. Circuit City has no data on people who visited the site without being registered, he said.
The attack affects only those people who visited the Circuit City message board on home theaters. The main Circuit City Web site was not compromised, Cimino said. Furthermore, only those forum visitors who used unpatched versions of Microsoft's Internet Explorer Web browser could be victimized, he said.
The attackers used a pair of security flaws. They first broke into the forum Web site by exploiting a bug in the Invision Power Services software that runs it, Cimino said. Then they attempted to install backdoor software onto the PCs of visitors who used a version of IE without Microsoft's January security patches installed, he said.
The Circuit City home theater forum is reached by going to the main Circuit City Web site, clicking on to Home Theater Headquarters and then hitting the "Discuss" option. The site will be back online once the third party that operates it has installed the latest patches for the message board software, Cimino said.
Circuit City recommends its site visitors check whether they have the latest Microsoft patches installed. The company is considering offering registered forum users a free or discounted PC checkup through its partner PlumChoice.
Popular forum.
Got the feeling that Earthlink was hacked today. Barely able to navigate without immediately being kicked off the internet.
Online forums are breeding grounds for cross-site scripting attacks.
Our network (in MS) was attacked for several hours yesterday. Our network admin told me the attack came from a forum on a Southwest Bell domain in Dallas.
The thing that lots of folks fail to understand is that the attack does not always have to "get thru" your defenses to cause damage. The concentrated attack on our network did not succeed in penetrating but it still caused major slowdowns and caused our VPN tunnels to drop offline a number of times.
A little off topic, but it's hard to run a good, secure forum. Mine is phpbb, and it gets hacked by Turkish hackers about once a month. The FR software is the best I've ever seen for functionality. Is there a similar commercial version of this forum software available for sale?
Actually, I recall some years back reading that the FR forum software was being made available for purchase. I know that John Robinson is the chief architect of it. Back then, it was written in PERL. I assume that it still is.
Disclaimer: One of the great things about FR -- if you ask a question, you will almost always find someone with some kind of answer. I have no affiliation with Robinson/Fehr or FR other than having the honor of being allowed to be a member. I merely had the good fortune of having read the above information (hopefully recalled correctly).
Now for the real--and correct--answers, I am taking the liberty of pinging Jim and John Rob to your post.
FReepmail me your CircuitCity password and I'll check for you if your account has been compromised free of charge.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.