500K+ PHPBB sites hacked.

PHPBB has been known to be the worse forum software to use when it comes to security, yet people still use it. More than half a million websites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users’ PCs with a variety of trojans.

“This is an ongoing campaign, with new domains [hosting the malware] popping up even this morning,” said Paul Ferguson, a network architect at antivirus vendor Trend Micro Inc. “The domains are changing constantly.” “We’re not sure if it’s [because of] improper configuration of phpBB or a vulnerability. Open-source applications like phpBB tend to be targeted quite a bit.”

A visitor to a hacked site is redirect to a series of other sites that have been hacked, then it reaches it’s destination. At this point the infected server ping the users computer for Microsoft vulnerabilities, if found, malware is installed and the chain continues.