03-13-2014, 05:44 AM   #10
Alexander Turcic
Quote:
Originally Posted by 49Kat
Just curious, how would you know who loaded the malicious code? Did it require downloading something or did one just have to land on the wrong page with malicious code loaded into a signature on someone's post or...what? I guess I'm a little paranoid, but I know sometimes just landing on a web page can get one's computer infected.

Seeing who loaded the malicious code was trivial thanks to the error triggered by it and recorded in our server logs. Through a compromised moderator account the JavaScript code was embedded in a fake announcement - basically waiting for an administrator to load that page. Once that would have happened, the code should have been able to install a payload software onto our system that could have allowed them access to the database. The exploit has been known since November 2013 when MacRumors, Ubuntu Forums and openSUSE forums were hit by it, and we took precautions to prevent the payload from getting executed. As a side effect, everyone who loaded the code in the duration of those 30+ minutes before we detected it was confronted with an error message.

So in a nutshell, this code was not about infecting your computer (it didn't), but about using your MobileRead credentials to execute administrator commands. Kinda like a brute force attack not caring whether you are actually an administrator or not.