Entropy

A recent vulnerability in phpBB (forum software) has led to the years biggest single hack (afaik). ItNews and Slashdot have updates/commentary on it. Unfortunately for the hackers, but fortunately for the public it appears that instead of exploiting some browser problem (the wisest move in my opinion) it tries to trick the user into installing software.

Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack.

The infected pages bring up what appears to be a pornographic web site. Upon loading the page, a ‘fake codec’ social engineering attack is attempted. The user is told that in order to view the movie on the page, a special video codec must be installed.