We've gotten e-mail from some of our readers that indicates a new variant of the Mambo/XML-RPC exploits from last year (see http://isc.sans.org/diary.php?storyid=870 and http://isc.sans.org/diary.php?storyid=823) are making the rounds.  As far as we can tell, it still exploits the same vulnerabilities, so those who patched last year should be okay, but obviously there are some servers out there that haven't because we have word of a few that have been defaced via this exploit. :(

-------------------------
Jim Clausing, jclausing --at-- isc.sans.org