Bot Herders Ready Attack Against Message Forums

Botnet controllers may be planning a large-scale attack against message forums, TechWeb has learned.

The SANS Institute's Internet Storm Center (ISC) noted that a bot going by the name "FuntKlakow" has registered on thousands of phpBB forums. Speculating, ISC analyst Marcus Sachs noted that the bot's owner(s) may be preparing to exploit a zero-day vulnerability against the popular php bulletin board software.

"We might be chasing a ghost here but it's always good to be on the lookout for something like this," wrote Sachs in an alert on the ISC site Sunday.

Sachs linked to the original posting about the attack possibility. That posting added that on most boards the FuntKlakow bot had only registered, but that it was capable of posting messages.

A Google search for "FuntKlakow" suggested that the bot may have created accounts on more than 36,000 forums. Some of the forums show messages such as "Oh, how nice" and "Wow, I didn't think of that.""Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums," the original post read.

U.K.-based security and Web measurement company Netcraft added in a Monday alert that the phpBB software has been hit with several security problems, including a January hack of Advanced Micro Devices' (AMD) php-driven support forums that planted malicious code on visitors' machines.