Circuit City Support Site Hack Installed Spamming Program


The customer support Web site for Richmond based Circuit City, a leading supplier of computers and other consumer electronics, was for several weeks serving up an invasive computer virus to any visitor who browsed the site with an unpatched version of Microsoft's Internet Explorer Web browser.

It appears that unknown hackers broke into the retailer's support forum via a recently patched security flaw in Invision Power Forum, the software the company uses to run the site. Anyone who visited the forum in IE without the protection afforded by a security patch Microsoft released in January most likely got whacked with an exploit that drops a nasty program which gives attackers control over the victim's PC. Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

Linked by shanmuga Friday, 2nd June 2006 2:33AM