Dotcachef Exploit Pack targets IP Board Forums

The recently discovered exploit kit "DotkaChef" (aka DotCache, DotCacheF) appears to be targeting websites running the IP Board forum application.

The exploit pack was first discovered by Chris Wakelin. Kahu Security analyzed the pack and found that all of the infected websites used by "Dotcachef" are running IP Board.

The researchers say cyber criminals might have exploited an old PHP code execution vulnerability (CVE-2012-5692) affecting IP Board forum software versions 3.3.4 and previous.

Once the website is successfully compromised, "Dotcachef" is uploaded to the victim's website in a single folder with a random name.

You can find the technical details here: http://www.kahusecurity.com/2013/analyzing-dotkachef-exploit-pack/

TeamSpeak Forum hacked and redirects users to DotCacheF Exploit Kit

The official forum of TeamSpeak, a company that provides voice-over-Internet Protocol (VoIP) software, has been infected with a malicious script.

Malwarebytes' honeypot found that the TeamSpeak forum "forum[dot]teamspeak.com" is compromised and redirects to the DotCacheF exploit page.

Security researchers at Malwarebytes said the infection is similar to the "malware infection on automobile forum" found by Kahu Security.


The malicious script injected into the forum goes through several redirects to reach the exploit kit landing page, which is hosted on another infected website (atvisti[dot]ro).

The exploit kit page attempts to exploit a vulnerable plugin in the victim's browser. If successful, it drops the ZeroAccess Trojan on the victim's machine.