AMD Web site used to spread malware

By Derek Sooman on January 31, 2006, 8:03 PM
It appears that customer support discussion forums on the site have been used to spread a WMF exploit. First reported on Monday in a blog posting by Mikko Hypponen (manager of antivirus research at F-Secure Corp. in Helsinki), the problem saw hackers exploiting a widely reported flaw in the way the Windows operating system renders images that use the WMF (Windows Metafile) graphics format.

Attackers have figured out a way to use AMD's forums to deliver maliciously encoded WMF images to visitors, which are then used to install unauthorized software on the unpatched systems, he said.

In this case, the software appears to be a number of different malicious tool bars. "Most of the tool bars show pop-ups, follow your search and other keyword activity, and use that to target ads to you," Hypponen said. "It's for-profit hacking. Somebody is making money from each machine that is hit by these tool bars."

The vulnerability enabled attackers to install any type of software they wanted on unpatched systems. How the attackers were able to compromise the AMD forums is unclear.

User Comments: 13

Got something to say? Post a comment
vigilante said:
Pretty scary stuff.Has Techspot analyzed it's own forums now??? :)
gamingmage said:
Wow just goes to show how susceptible forums are and that they need anti-virus programs as well.
DragonMaster said:
I suppose that other forums are also being used like this...
Need_a_Dell said:
It truly is amazing how people are able to find these exploits in the most seemingly secure places! I suppose that the best way to prevent this sort of thing is to do what gamingmage suggested, forums need to scan things as they're being uploaded onto the forum.
blue_dragon said:
wow im not going back to my friends forum without thinking about helps to keep people informed and micrsoft isnt doing doing a good patches shoulkd be installed w/o the person even knowing it
MonkeyMan said:
This is unfortunate. Whoever is behind this, certaintly wants to see AMD fall, but I assure you, that will never happen. Hope you get everything straightened out AMD!!!!!!!
Race said:
An important point here is getting used to the fact that any site could potentially harbor an exploit.The lesson is one that continuously needs to be emphasized........"used to install unauthorized software on the unpatched systems".Keep your system updated and patched! (being pro-active and paying attention to security alerts certainly helps as well)
JMMD said:
Being more vigilant with PC protection and security should be more publicized in the media. Iím the only one in my family who has any idea about security and protection. Iím sure this is quite common. This is the cyber equivalent of using a condom for to protect yourself from diseases. The average user is oblivious to the dangers of having a PC unprotected and online. More needs to be done to educate novice computer users.
Vaulden said:
I guess going to reputable web sites is now not always safe these days. Good thing I keep my systems updated.And I agree with JMMD, more awareness needs to be given to the masses. But how could that be done where they would pay attention?
nathanskywalker said:
Wow, impressive. Very good idea. And i think that we would all agree that AMD's help forums were secure....until we all read this. Hmm... hope AMD has a way of fixing this.
djleyo said:
Bad news for AMD and users of its forums clearly there servers need security upgrades to bad someone is looking to affect AMD could be an intel fan :)
Kreuger said:
That's gotta suck for them.
mentaljedi said:
I hope Intel hasn't hired some hackers to do this to lower competition... Thats something Microsfot would do to Google's engine!
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.