TeamSpeak Forum Hacked, Serves Malware

Malwarebytes researchers recently found that the Brazilian forum for voice communication company TeamSpeak had been compromised and was redirecting traffic to a DotCache exploit kit landing page.

The exploit kit landing page is hosted on atvisti.ro, a forum for ATV enthusiasts that’s also been compromised. “If the Java exploit succeeds the final payload is loaded,” writes Malwarebytes senior security researcher Jerome Segura. “In this particular example, the payload was the Zero Access Trojan which Malwarebytes Anti-Malware detects as Rootkit.0Access.”

According to VirusTotal, the malware is currently detected by only 7 of 46 leading anti-virus solutions.

Kahu Security researchers uncovered a similar compromise on the forum for the Nissan Pathfinder Off Road Association (NPORA) in July of 2013 — in both cases, JJEncode was used to obfuscate the malicious script.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles