Today we have found that in a php forum, someone was posting spam messages. It was obvious in this particular case, because it was a Spanish forum, and the message was in English. Notice that it uses the "guest" account ("invitado").


It sounded quite suspicious, so we tested the url and found that it was using web attacker exploits to install Trojan horses (Trj/Abwiz, Trj/Cimuz). Usually these are password stealers. But it could be other type of malware.

It could be possible that they are using some program to try to post in non restricted forums. So once again be careful before you follow a link from an unknown source.

If you are an administrator, it would be advisable, to check the configuration of your php application. If you allow anonymous posting, your forums could end filled with spam.

Thanks to Vicen for the information.