Apr 12 2008

Chinese hackers targeting Coppermine Photo Gallery

Published by at 9:56 am under US attacks

This is Jumper’s area of expertise so I will withhold comment (like I have some sort of a choice). It is creating a few problems out there, so I wanted to pass on what is being talked about. From Phil, at massyn.net, Oh dear – I was hacked:

As for the domain cdpuvbhfzz.com, it’s almost impossible to determine where it came from. It was registered through a Chinese website, named http://www.bizcn.com. I’m still waiting to hear from their support line if they’ll be taking this domain down, as it’s a serious breach of security.

There is very good information on the attack at his website here

Phil also offers a thread link on the Coppermine problem.


One Response to “Chinese hackers targeting Coppermine Photo Gallery”

  1. jumper on 14 Apr 2008 at 8:33 am

    From the forum: “proximate the bummers executed “galerie/update.php” and “/galerie/pluginmgr.php?op=upload” to upload a file (“/galerie/plugins/docs.php”).
    This file has the following source code (see below) and runs different operations, whereby the chmods are set to 777 for directories and files.
    Therefore *.htm and *.php can be updated with an iframe code that calls the “cdpuvbhfzz.com”-shit.”

    Apart from having cdpuvbhfzz.com registered in China, it doesn’t have much connection. Some people have suggested that it is the RBN behind this one. Without analyzing the malware, I’d probably agree with that. See Dancho Danchev (http://ddanchev.blogspot.com/) for all the information about the RBN that you ever wanted.
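As an added example (not code from the original post, from Phil's site, or from the Coppermine project), here is a small Python scanner that checks a Coppermine web root for the three indicators the forum quote describes: .htm/.php files that now carry an iframe pointing at cdpuvbhfzz.com, files and directories left world-writable by the chmod 777 step, and a PHP file dropped straight into plugins/ the way docs.php was. The sample web root it builds is constructed for the demonstration; the assumption that legitimate plugins live in their own subdirectory under plugins/ (so a bare .php file there is suspect) is mine, not something the thread states.

```python
import os
import re
import stat
import tempfile

# Domain the injected iframes pointed at, taken from the thread.
INJECTED_DOMAIN = "cdpuvbhfzz.com"
# An <iframe ...> tag whose attributes reference that domain.
IFRAME_RE = re.compile(r"<iframe\b[^>]*" + re.escape(INJECTED_DOMAIN), re.IGNORECASE)
# File types the post says were modified (.html added as an assumption).
SCAN_EXTENSIONS = {".htm", ".html", ".php"}


def scan_webroot(root):
    """Walk a Coppermine web root and collect three kinds of indicator.

    Returns a dict of sorted path lists relative to root:
      injected        - .htm/.html/.php files carrying an iframe to the domain
      world_writable  - files or directories with the 'other' write bit set (chmod 777)
      plugin_php      - PHP files sitting directly inside a plugins/ directory
    """
    findings = {"injected": [], "world_writable": [], "plugin_php": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are meaningless; skip it
            if mode & stat.S_IWOTH:
                findings["world_writable"].append(os.path.relpath(path, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in SCAN_EXTENSIONS:
                with open(path, "rb") as fh:
                    text = fh.read().decode("latin-1")  # byte-for-byte, never raises
                if IFRAME_RE.search(text):
                    findings["injected"].append(rel)
            # Assumption: legitimate Coppermine plugins live in their own
            # subdirectory, so a .php file directly in plugins/ is suspect.
            if ext == ".php" and os.path.basename(dirpath) == "plugins":
                findings["plugin_php"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def build_sample_webroot():
    """Create a constructed (not real) web root mimicking the compromise.

    The layout mirrors the paths quoted in the thread (galerie/...); the file
    contents and the iframe markup are made up for this example.
    """
    root = tempfile.mkdtemp(prefix="cpg_scan_")
    layout = {
        "galerie/index.php": "<?php // clean gallery front page ?>\n",
        "galerie/docs/index.htm": (
            "<html><body>Gallery docs</body></html>\n"
            '<iframe src="http://cdpuvbhfzz.com/" width="1" height="1"></iframe>\n'
        ),
        "galerie/plugins/docs.php": "<?php /* constructed stand-in for the dropped file */ ?>\n",
    }
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    os.makedirs(os.path.join(root, "galerie", "albums"), exist_ok=True)
    # Normalise modes so the result does not depend on the caller's umask.
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o755)
        for f in filenames:
            os.chmod(os.path.join(dirpath, f), 0o644)
    # Reproduce the chmod 777 the dropped script applied to files and directories.
    os.chmod(os.path.join(root, "galerie", "plugins", "docs.php"), 0o777)
    os.chmod(os.path.join(root, "galerie", "albums"), 0o777)
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for kind, paths in scan_webroot(sample_root).items():
        for rel in paths:
            print(f"{kind:15s} {rel}")
```

Point `scan_webroot()` at a real gallery directory to triage a live site. A clean scan is not proof the box is clean, since the dropped file could have been renamed or the iframe obfuscated; once the upload path in the plugin manager is closed, the reliable fix is to restore the Coppermine files from a known-good copy and reset the permissions the script widened.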