Msg#: 4420390 posted 9:13 am on Feb 22, 2012 (gmt 0)
I don't know why this hasn't been reported. But vBulletin installations running VBSEO should be updated to the latest version. There is an exploit going around. More information at VBSEO.com. [vbseo.com]
A forum I frequent triggered an antivirus popup warning of a trojan download and then a few weeks later it actually started redirecting referrals from Google. I did a site: search of the forum for the word viagra and the Google cache shows the alternate web page the forum is redirecting to. Nasty stuff.
Msg#: 4420390 posted 3:20 pm on Feb 23, 2012 (gmt 0)
This is very nasty, indeed. Thanks for bringing this to attention!
The exploit was actually on the end of vbseo as their server was compromised. The remotely-hosted version checker was able to inject code as a vBulletin plugin and from there, pretty much given free reign over a vBulletin-powered board.
Lots of questions and until now, not enough answers.
After reading this, I did a search for a popular forum I know and sure enough, as a Google referral, I was redirected to a scammy affiliate site.
Msg#: 4420390 posted 7:28 am on Mar 27, 2012 (gmt 0)
The VBSEO exploit just took another turn. Some forum owners have updated their sites after being hit by the first wave of this VBulletin hack but kept VBSEO, along with the apparent vulnerabilities. Now there is a second wave of hackings exploiting the hole and obtaining admin access, inspiring this thread on the vbulletins forum [vbulletin.com].
It's a mess. I saw one site where the entire site redirects to another website. I did some searching and found a forum that had at least one member's entire five year posting history replaced by links to a specific site. Really nasty stuff.