Cherokee Forum got Hacked... I'm PO'd!

ExpoMike

Well-known member
So I load up my browser this morning with all the different forums I am on. Next thing I know my antivirus and anti-malware alerts start going off big time. It's blocking and deleting files. Start doing some checking on what site got hacked and it looks like it's Cherokee Forum.com. I am so f'n pissed right now. 8 hours of work and I still haven't gotten it removed completely.

It managed to get by, by dropping in as a RootKit and then placing Trojans. RootKits are a major PITA to remove, if you can at all.

Sad part is, I take care of our department's Antivirus/Malware products so I am not a newbie to safe web usage or virus protection. Heck, I actually saved Volksrodders.com, when I found it had been hacked a couple years back and alerted the site Admin. I sent a message to CF but haven't heard anything.

Just a warning to all, don't visit Cherokee Forum.com unless you like to rebuild your box.

Just in case someone pipes in and says something like "don't use IE, blah, blah, blah" I wasn't using IE front end GUI and the browser I use has better protection than IE. I had a user last week get hit from an infected web site (that was hacked) and it came through specifically via Firefox. No browser is immune.

Just wanted to vent!!!!
 

Schattenjager

Expedition Leader
I just hugged my Mac.

Sorry to hear the news - some people just suck - and then they think it's a good idea to have kids to insure we have lots of problems down the road.
 

winkosmosis

Explorer
Macs are the least secure computers, so I wouldn't hug it just yet..

Never heard of cherokeeforum but I read NAXJA and Jeepforum
 

winkosmosis

Explorer
http://www.macobserver.com/tmo/article/pwn2own_winner_mac_os_x_is_less_secure_than_windows/

Charlie Miller's Safari web browser exploit, which won him a new Mac laptop at last week's Pwn2Own competition, once again ignited the discussion about Mac OS X security. In an interview with the Baltimore Sun, Mr. Miller, who uses a MacBook on a daily basis and who used to work at the National Security Agency, said: "Any security expert knows that Mac OS X is less secure than Windows."
He continued: "The question is which is SAFER. Because Mac OS X is still relatively rare, it is actually a little safer. But it has nothing to do with it being more secure, but rather, that bad guys are entirely focused on Windows at the moment due to the overwhelming market share Windows has. At this time, I still don't recommend anti-virus for Mac OS X users, because there simply isn't much malware for that platform. However, if Mac OS X market share ever goes up, there will be a landslide of exploits and malware."
When asked if Mac users should be worried, he responded: "They should definitely be a little worried." However, there's a perception among many computer users that Mac OS X is inherently secure while Windows isn't, which Mr. Miller said is wrong: "Everything you could do on a Windows machine: turn it into a 'bot,' send spam, perform DDOS [distributed denial of service], etc. can be done from a compromised Mac.
"I have been talking about this issue for a while because I don't want it to come to some large worm or other security issue to force Apple into action, although I'm afraid that is what it will probably take. I want to see Apple become more secure. Until the bottom line is affected, I don't see major changes coming from them. Ironically, Microsoft spends a ton on security, is more secure, but is perceived as less secure!"
Mr. Miller also delved into the reasons why he thinks OS X is less secure, which he said boil down to "two technologies that Windows has that Mac OS X lacks, specifically, are Address Space Layout Randomization (ASLR) and a non-executable heap. These two things make it very hard to write exploits (the code that gains control of your computer) in Windows." He noted that the iPhone has a non-executable heap, which is part of the reason why the smartphone wasn't cracked during last week's competition, and he said that he "heard a rumor that Snow Leopard [Mac OS X version 10.6] will have ASLR."
 

Root Moose

Expedition Leader
So, basically you are saying that Macs are less secure than Windows because of an exploit that might exist in the wild in the future as opposed to the hundreds of thousands that exist for Windows right now in spite of the technical details this pundit is talking about?

If that's your benchmark then sure, you may be right.

LOL

The rest of the article is pure FUD. As it stands today the only way to turn DDOS or bot a Mac is via social engineering. No OS can save the computer from users doing bad things.
 

warrpath4x4

Adventurer
Without all the technical mumbo jumbo lol I have been having issues opening threads on cherokee forum with my crackberry for a week or so now.
 

toledotimber

Observer
I have been a Mac convert for about eight years now and I love them. That said, all one has to do to functionally disable a Mac is delete the Fonts folder, as Mac's structure won't work without it.
 

ExpoMike

Well-known member
Just an update. Got a reply from the site admin and it looks like the site itself is fine BUT what we suspect is that the virus was dropped in from a banner ad. These don't reside on the host server so they are not scanned.

This should be a concern to everyone as so many sites have these hot linked banner ads. Personally I would rather see any banner ads hosted on the hosted web site, so those files will have the same protection that the rest of the site might have. Anything that gets hot linked out and hence, not scanned via the hosting site's software, is just waiting to become a new source to infect machines.

I apologize to Cherokee Forum, as it was not directly their fault. It just happened to be the site I hit that had an infected banner ad.
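
An added example, not part of the original thread: one way a site admin could inventory the hot-linked content the post above describes, by listing every resource a page makes the browser fetch from a host other than the site's own. The page URL, the sample HTML and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute the browser fetches automatically on page load.
FETCHING_TAGS = {"script": "src", "iframe": "src", "img": "src", "embed": "src", "object": "data"}

# Constructed sample page; every host name below is a placeholder.
PAGE_URL = "https://forum.example/index.php"
SAMPLE_HTML = """
<img src="/images/logo.png">
<script src="js/forum.js"></script>
<iframe src="//ads.example.net/banner?slot=top"></iframe>
<script src="https://cdn.example.org/rotator.js"></script>
<img src="http://ads.example.net/img/468x60.gif">
"""


class EmbedCollector(HTMLParser):
    """Collects (tag, host, absolute URL) for resources served by another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.external = []

    def handle_starttag(self, tag, attrs):
        attr_name = FETCHING_TAGS.get(tag)
        value = dict(attrs).get(attr_name) if attr_name else None
        if not value:
            return
        absolute = urljoin(self.page_url, value)  # resolves relative and //host forms
        host = urlparse(absolute).hostname
        if host and host != self.page_host:
            self.external.append((tag, host, absolute))


def third_party_embeds(page_url, html):
    collector = EmbedCollector(page_url)
    collector.feed(html)
    return collector.external


def tags_by_host(embeds):
    """Map each outside host to the sorted tag types it serves on this page."""
    hosts = {}
    for tag, host, _url in embeds:
        hosts.setdefault(host, set()).add(tag)
    return {host: sorted(tags) for host, tags in hosts.items()}
```

Hosts that serve `script` or `iframe` content deserve the closest review, since that content runs in the visitor's browser without ever passing through scanning on the forum's own server.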
 
