The hackers hijacked the accounts of a MacRumors / vBulletin moderator

Nov 19, 2013 12:37 GMT

A couple of days ago, hackers of Inject0r Team took responsibility for the attacks on MacRumors and vBulletin. They claim to have leveraged a vBulletin zero-day in order to gain access to the companies’ systems.

While both cyberattacks have been confirmed, vBulletin representatives say there’s no evidence that the zero-day Inject0r Team is referring to exists. Furthermore, they’ve stated that the system breached by the hackers was a testing system.

“Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin,” vBulletin Technical Support Lead Wayne Luke noted.

“These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software,” he added.

The hackers claim to have put the vBulletin remote code execution exploit up for sale.

According to Brian Krebs, MacRumors representatives have told him that the attacker hacked a moderator’s account, which he then used to embed JavaScript code in an announcement. When an administrator loaded the announcement page, a plugin was installed in the background, allowing the attackers to execute PHP code.

Arnold Kim, the owner of MacRumors, has noted that the moderator whose account was compromised had used the same username and password on vBulletin.com as well.

It remains to be seen if the zero-day is real or not. Krebs says some users have already purchased the exploit sold by Inject0r, so we’ll probably find out soon enough.

In the meantime, DEF CON, OVH, and Garage4Hackers have disabled their forums as a precaution.