Hackers lurk in AMD Web site

Hackers are delivering malicious software via AMD's customer support forums.

Users of AMD's microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday.

The problem was first reported Monday in a blog posting by Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Helsinki (http://www.f-secure.com/weblog/#00000795). As of Monday morning, AMD technicians were still working to resolve the problem, according to AMD spokesman Drew Prairie.

Because AMD had just learned of the problem, Prairie could give few details on how the site was compromised or on when AMD expected to have the issue resolved. "It's being worked on and corrected," he said.

According to F-Secure's Hypponen, attackers are exploiting a widely reported flaw in the way the Windows operating system renders images that use the WMF (Windows Metafile) graphics format. This flaw was patched on Jan. 5, so users who are running versions of Windows that have the latest patches installed are not at risk, he said.

Attackers have figured out a way to use AMD's forums to deliver maliciously encoded WMF images to visitors, which are then used to install unauthorized software on the unpatched systems, he said.

In this case, the software appears to be a number of different malicious toolbars. "Most of the toolbars show pop-ups, follow your search and other keyword activity, and use that to target ads to you," Hypponen said. "It's for-profit hacking. Somebody is making money from each machine that is hit by these toolbars."

Because of the nature of the WMF vulnerability, however, hackers could install any type of software they wanted on unpatched systems, he said.

How the attackers were able to compromise the AMD forums is unclear. Hypponen said that the AMD server could have been hacked, but that the problem could also be due to an intrusion at an AMD partner Web site or at an ISP (Internet service provider), he said.

These kind of WMF exploits have already been seen on a number of Web sites, but AMD is the most high-profile victim, Hypponen said. Because users tend to trust content being served by known Web sites like AMD, the hack is particularly troublesome, he added.

Ironically, AMD Web site visitors who are using chips that support the new DEP (Data Execution Prevention) feature, which prevents software from running where it doesn't belong, are probably protected from the WMF malware, Hypponen said. "If you are running an AMD processor with DEP enabled, it likely protects you from the vulnerability that hit you from the AMD site."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?