AMD's forums hacked

Visitors to AMD's website forums received a shock when their adware and virus scanners started blaring warnings about a possible Trojan horse being downloaded. Over the past few days, visitors have been complaining about strange popup alerts and slow forum speeds. Apparently, the forum webpages were modified to include a link to a malicious Windows Metafile (WMF) image hosted on toolbarsdollars.biz. A major WMF vulnerability that allows hackers to hide code inside image files was disclosed a few weeks ago, and many users still have not patched against it.

As is typical of many webpages, AMD's forum pages load external PHP scripts through iframe tags in the webpage. One of those scripts, in turn, calls up a 16-kilobyte image called xpladv586.wmf that was being hosted at toolbarsdollars.biz, which is a well-known adware site. Several users reported that their anti-virus and anti-adware programs detected the WMF as containing a Trojan horse and promptly sent the file into quarantine. They have also posted several pages' worth of messages to other forum members detailing what they did to clean up their computers and stop future threats.
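For site operators, the chain described above (an iframe that pulls in a script, which in turn pulls in a WMF from another host) can be caught by auditing what a page makes the browser load automatically. The following is an added example, not code from AMD or from the original article; the host names, the trusted-host list and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose src attribute is fetched by the browser without user action.
AUTO_LOAD_TAGS = {"iframe", "frame", "script", "img", "embed"}


class ResourceAuditor(HTMLParser):
    """Collects auto-loaded resources that are off-site or are WMF files."""

    def __init__(self, page_url, trusted_hosts):
        super().__init__()
        self.page_url = page_url
        self.trusted_hosts = {h.lower() for h in trusted_hosts}
        self.findings = []  # list of (tag, absolute_url, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag not in AUTO_LOAD_TAGS:
            return
        src = dict(attrs).get("src")
        if not src:
            return
        url = urljoin(self.page_url, src)  # resolve relative links
        parsed = urlparse(url)
        reasons = []
        if (parsed.hostname or "").lower() not in self.trusted_hosts:
            reasons.append("off-site host")
        if parsed.path.lower().endswith(".wmf"):
            reasons.append("WMF image")
        if reasons:
            self.findings.append((tag, url, reasons))


def audit_page(html, page_url, trusted_hosts):
    auditor = ResourceAuditor(page_url, trusted_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; hosts and file names are placeholders.
SAMPLE_PAGE = """<html><body>
<img src="/images/logo.gif">
<iframe src="/forum/menu.php"></iframe>
<iframe src="http://ads.example.net/rotate.php" width="0" height="0"></iframe>
<img src="http://ads.example.net/banner586.wmf">
<script src="http://static.forums.example.com/forum.js"></script>
</body></html>"""

TRUSTED = {"forums.example.com", "static.forums.example.com"}
FINDINGS = audit_page(SAMPLE_PAGE, "http://forums.example.com/index.php", TRUSTED)
```

Because the WMF in the incident was referenced from inside a framed script's output, the same function has to be run over each framed document as well as the top-level page.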

Humphrey Cheung was a senior editor at Tom's Hardware, covering a range of topics on computing and consumer electronics. You can find more of his work in many major publications, including CNN and FOX, to name a few.