Sure enough, attempting to connect to ST forum (after taking suitable browser-related precautions) redirects to netdevilz.
Since precautions were taken, I have no idea if there are any exploits attempting to run from this page. That I shall leave to the experts. It seems somewhat likely, though.
(Also posted at Wilders)
got an email this am pretending to that-thanks for posting the info. even though i don't use ST ;)
same info in email heading...
Hacking & Security Forums / Turkey
-- Yet AnotherForum.net Bugs in the page soon --
hxxp://netdevilz.org
It’s unlikely that the forum has actually been hacked, just that the email has been sent with a From: address to make it look like it’s from the forum. You can put whatever from address you like in an email, it’s just plain text which is interpreted in a particular way by mail programs. Using most mail clients (Outlook Express, Mozilla etc.) you can specify the address which emails you send come “from”.
Likewise, if someone appears to have sent you a virus, it’s probably not them who has the virus but someone else who has your address and theirs in their address book - the virus finds you in the infected computer’s address book and sends itself to you, appearing to come from someone else in the same address book.
Uh huh. Just try visiting the forum, then.
The only reason I included the text of the email was to inform people what it looked like, and how I became aware of the issue. http://forum.spywareterminator.com/
[EDIT] Just in case, make sure script is disabled before visiting, or set the browser security to high. At the moment it is just a redirect, but I’ve been informed it’s possible the hacker could add an exploit to the code.
Sorry - I misread your original post. Thought you were assuming the forum was hacked based only on the email.
I just took a look. I’m no expert, but I’m not sure that the forum has been hacked as such. Looking at the HTML source for the forum’s home page (before the redirect happens), it looks like there is a tag within a topic description such that it causes (some?) browsers to do the redirect when loading the page.
