TeamSpeak Forum Hacked, Serves Malware

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Malwarebytes researchers recently found that the Brazilian forum for voice communication company TeamSpeak had been compromised and was redirecting traffic to a DotCache exploit kit landing page.

The exploit kit landing page is hosted on atvisti.ro, a forum for ATV enthusiasts that's also been compromised. "If the Java exploit succeeds the final payload is loaded," writes Malwarebytes senior security researcher Jerome Segura. "In this particular example, the payload was the Zero Access Trojan which Malwarebytes Anti-Malware detects as Rootkit.0Access."

According to VirusTotal, the malware is currently detected by only 7 of 46 leading anti-virus solutions.

Kahu Security researchers uncovered a similar compromise on the forum for the Nissan Pathfinder Off Road Association (NPORA) in July of 2013 -- in both cases, JJEncode was used to obfuscate the malicious script.