2013-10-17: vBulletin Backdoor Sweep
Level Two Attack
(Origin: Krebs on Security - You really should be following that blog)
vBulletin, a popular online forum project, recently revealed a significant vulnerability in a small portion of their installations. Reportedly, over 35,000 forums have been hacked recently because of this vulnerability.
It seems that when administrators leave the "/install" or "/core/install" folders live on the server after installation, it allows attackers essentially unfettered access to the installation.
Because vBulletin installations are very easy to find via Google or Bing searches, attackers have been able to build automated utilities to sweep for vulnerable installations and exploit them effortlessly.
Administrators of vBulletin forums are advised to immediately remove the /core/install and /install folders as indicated in the software's documentation, and also check for unrecognized administrator accounts (such as 'supportvb' and 'The3H4ck') - key indicators that their installation has been compromised.