Malware attack at the GMC
September 7, 2008
UPDATE: The situation is now over, and the iframe has been removed. Google will still list the GMC as a “malicious website” until they recrawl it.
Some users at the official Game Maker Community have today reported receiving warnings from their antivirus software or web browsers when viewing the forum.
The alerts are triggered by an iframe that appears to have been maliciously inserted in the forum header; they were first reported at around 1:10pm BST.
Two hours after the attack was originally reported it was clear that the GameMaker Community remained vulnerable, as the offending URL in the iframe had been changed from its original to another dubious site.
KC LC’s attempted explanation, “It’s probably being generated by one of the advertisers on YYG”, does not seem remotely plausible to me and I believe the code is more likely to have been the result of a MySQL injection.
NakedPaulToast helpfully provided a link identifying the vulnerability within the Invision Power Board software which is used to run the forum.
A vulnerability has been identified in Invision Power Board (IP.Board), which could be exploited by attackers to manipulate and inject SQL queries. This issue is caused by an input validation error in the “xmlout.php” script when processing the “name” parameter, which could be exploited by malicious people to conduct SQL injection attacks and gain knowledge of sensitive information.
A patch was released on August 29th, so obviously the forum software has not been kept up to date.
At around 3:10pm BST YoYo Games CEO Sandy Duncan began writing a post to users of the forum; however, this post has not yet appeared.