Tech News

TeamSpeak server hijacked to send Malware

By Steve Ragan Apr 16, 2007, 9:20 GMT

The popular gaming communications platform, TeamSpeak, was the victim of a SQL Injection attack over the weekend.  This attack resulted in Spam sent to users, which contained Malware. The Malware located in the file named ‘patch.exe’ is reported by several Anti-Virus vendors to be suspect in nature, or a member of the LdPinch Trojan family.

The email headers for the rouge message detail where the exploit originated. Looking at the X-Mailer line you can see the source of the problem.

---
X-Priority: 3
X-Mailer: vBulletin Mail via PHP
Date: Sat, 14 Apr 2007 21:12:57 +0200
---

The email, form the address noreply [at] goteamspeak.com, offered some advice to TeamSpeak users, “Now you can download new Team Speak patch. It will help you to use our Team Speak servers. We advise you to download it now.” The file was hosted on the TeamSpeak servers for several hours according to forum posts, which allowed for an unknown number of downloads.

The exploit centers on the websites forum software vBulletin. The attack uses SQL Injection code released by a person known only as “SekoMirza” online. The code attacks vBulletin version 3.6.5 or earlier, the same version used on the TeamSpeak forums. TeamSpeak addressed the issue, by removing the file and for a short time Saturday, it appeared as though they took down the forum for maintenance.

“If you participate in our forums, you may have recently received an email asking you to download a patch.exe file. Please do not download or execute this file. Recently a security exploit on our website allowed an intruder to send a mass-email to all registered forums users, informing them of a supposed patch for TeamSpeak. The email was malicious in nature. We have been working around the clock to address this issue and as of this moment it is now resolved. Please keep in mind we take these matters very seriously and are always doing everything we possibly can to ensure that your visit to our website is safe and secure,” they announced on their website.

Anti-Virus coverage for the malicious attachment was strong and many caught the potential infection almost instantly.



COMMENT

FROM THE WEB

Further Reading on M&C

COMMENT on TeamSpeak server hijacked to send Malware

comments powered by Disqus

Latest Headlines in Tech

Monsters and Critics is Looking for Writers and Reviewers

Sites We Like

Site Scene
The Tech Herald

Follow Us

Follow M&C on Pinterest

Search

Custom Search

Classic Games on M&C

Crush the Castle 2

Beer Pong

Bubble Bobble

Mah Jong Connect

Donkey Kong

Also Check Out

Memorial Day Weekend: Angry Orchard enhances Barbecue recipes

Memorial Day Weekend: Angry Orchard enhances Barbecue recipes
Memorial Day Weekend is sliding up on us, and we could not be happier about this. It means a few days where time is a little bit slower, and the food and drink are savory and satisfying but not too heavy. ... more

Abercrombie & Fitch's Big Fat Problem; everyone hates them (VIDEO)

Abercrombie & Fitchs Big Fat Problem; everyone hates them (VIDEO)
Abercrombie & Fitch CEO Mike Jeffries may want to zip it. ... more

Product spotlight: Gaiam Yoga clothes beat high priced competitors

Product spotlight: Gaiam Yoga clothes beat high priced competitors
To know me is to know that I love wearing gym clothes… all the time!  ... more

Product spotlight: Headsweats go-to source for work out hats and caps

Product spotlight: Headsweats go-to source for work out hats and caps
I love working out.  The sense of accomplishment, the endorphins, the sweat! ... more

Review: New Dyson Animal DC50 the King of Sucking It Up

Review: New Dyson Animal DC50 the King of Sucking It Up
Mother's day traditionally was NEVER the day to bust out an appliance as a gift with a big bow on it. But hear me out, as I have a true story to tell you that can possibly change your mind. ... more

On the Web

ZergNet