YaBB SE Flawe

[Forum Doveloper]

MIME. exploit  virus. (I disabled sendmail) it infected the display.php then it hit strait for the admin.php, subs.php, and index.php (basically the hub where the virus can spread rapidly) then it attempted to use the send mail (Disabled it) to duplicate and spread itself.

It only took minutes. I had to use NetSheild to clean the virus. You  guys should really dovelop some file to combat this. Not only will it save people trouble but it will also put YaBB SE ahead of other BBS.

You should seriously consider it because there are heavy loaded internet viruses out there.

[mediman]

your php files was infected by a mime virus that used the mime header bug

mediman

[Forum Doveloper]

No Mime.exploit virus is kinda like a Worm + virus + trojan. You see Once an infected system visits the board this virus is automatically transfered, or if the person who has the virus even trys to put it on attachment or has it on there default IE program it infects the system automatically. Regardless of anything. Index.php uses a different type of veiwing so in this case index.php serves as a hub to infect all other files. Then whoever visits the board contracts the virus.

This is a flawe most BBS have so if you are capable of doveloping something to trap/ prevent this YaBB would be a much safer board to use thus improving its status to a 'suggested board'

[David]

Feel like giving us a link to a Symantec or other virus site about this?

[Forum Doveloper]

go to http://vil.mcafee.com/dispVirus.asp?virus_k=99273
I took the virus from the e-mail and placed it into my IE Beta version folder (I using IE Stable) and used it on Yabb

[mediman]

Yes, please a link! I know about Pirus.PHP but this is another story.

mediman

[Forum Doveloper]

I already gave the link in my last post... Now Onto virus #2 http://vil.mcafee.com/dispVirus.asp?virus_k=98882
that page give you info on JS/Seeker.gen virus. I used it on YaBB SE and it proved affective. It slowly crippled the test server so I had to use desperate measures. this has no impact on the user of the board untill the server is fully corupted in which time it trys to spread itself.

[mediman]

i know it was that header thing! there is no way to make yabbse more secure with this prob. maybe php, but not yabbse!

this virus change the mime information into the email header, not into the attached file!

here´s a patch for this header security hole!

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

mediman

[chris]

MIME. exploit  virus. (I disabled sendmail) it infected the display.php then it hit strait for the admin.php, subs.php, and index.php (basically the hub where the virus can spread rapidly) then it attempted to use the send mail (Disabled it) to duplicate and spread itself.

It only took minutes. I had to use NetSheild to clean the virus. You  guys should really dovelop some file to combat this. Not only will it save people trouble but it will also put YaBB SE ahead of other BBS.

You should seriously consider it because there are heavy loaded internet viruses out there.

On which OS was YaBB running? What exactly did the virus do?

It shouldn't be the task of a bulletin board to protect the server against Bugs in the WebServer/Operating System/Browser....

At least thats my opinion.