Domain registrar Joker.com says its nameservers are under attack, causing outages for customers. More than 550,000 domains are registered with Joker, which is based in Germany. Any of those domains that use Joker's DNS servers are likely to be affected.

"Joker.com currently experiences massive distributed denial of service attacks against nameservers," the registrar says in an advisory on its home page. "This affects DNS resolution of Joker.com itself, and also domains which make use of Joker.com nameservers. We are very sorry for this issue, but we are working hard for a permanent solution."

World of Warcraft is experiencing lengthy downtime, and blaming its service provider for the outages. The virtual world, which now has more than 6 million users, also announced emergency maintenance outages overnight on a large number of game servers (known as "realms").

"We'd like to make all players aware that at this time our internet service provider is experiencing significant complications, and as a result the playability on a large portion of realms has been adversely affected," said a message from Epifanio, Senior Game Master, on the WoW forums.. "Symptoms include but are not limited to lag, random disconnections and slow authentication. Our network technicians are doing everything in their power to work with our ISP so that this issue may be resolved as swiftly as possible."

World of Warcraft is hosted by AT&T, which houses servers for the game at data centers in Los Angeles and Redwood City, Calif., and Ashburn, Va. The outages affected the worldofwarcraft.com web site as well as the game servers, as shown in our uptime chart:

A dynamically updating chart of World of Warcraft's web site performance is available here. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.

Bots are registering user accounts on thousands of phpBB forums across the Internet, raising concerns that the bot's authors are laying the groundwork for mass exploitation down the road. The activity of a bot named FuntKlakow was discussed in a Digg thread Sunday, with many forum owners confirming that FuntKlakow had created accounts and even posted simplistic messages ("O How nice" and "Wow that is cool").

FuntKlakow's post signatures have included links to proxy surfing and "traffic generator" services, raising the prospect that its goal may be spam rather than exploits. But as noted on a German site that issued an early warning about the bot's behavior, "the next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums." Google searches suggested the bot may have created accounts on as many as 33,000 forums.

A web server belonging to a state-operated Chinese bank is hosting phishing sites targeting U.S. banks and financial institutions. Phishing e-mails sent on Saturday (March 11) targeting customers of Chase Bank and eBay were directed to sites hosted on ip addresses assigned to The China Construction Bank (CCB) Shanghai Branch. The phishing pages are located in hidden directories with the server's main page displaying a configuration error. This is the first instance we have seen of one bank's infrastructure being used to attack another institution.

The attack on Chase offers recipients the chance to earn $20 by filling out a user survey which presents a series of questions about the usability of the Chase online banking site, followed by a request for user ID and password, so the $20 "reward" can be deposited to the proper account. The form also requests the victim's bankcard number, PIN number, card verification number, mother's maiden name and Social Security number. Any data submitted is then sent to a free form processing service (free.allforms.mailjol.net) operated by an Indian company but hosted in the U.S. at NetAccess.

Hackers are actively seeking out unpatched versions of the Mambo content management system, which recently repaired a serious security hole. The latest exploit attempts target a different vulnerability than the Mare.D worm, which grabbed headlines last month but apparently did limited damage to Mambo sites. Sites running on Mambo should upgrade to the latest version as soon as possible.

On Feb. 24 James Bercegay of GulfTech Security Research announced vulnerabilities in Mambo that could allow a server compromise by a remote attacker, including several methods of an SQL injection attack. Bercegay also found a way for attackers to use Mambo's file inclusion features to breach system security. Last July Bercegay discovered a weakness in XML-RPC libraries used by numerous PHP-based blogging and content management apps.