Invision Board being exploited
On May 21st we reported a vulnerability in Invision Power Board. To be honest, I didn't know much about it, or about the number of sites using it. Well, now I know at least a BIG one that was using it as a forum for its customers. We are still contacting the website owner, so I won't mention it here. But the case is that it was vulnerable and was exploited.
Now, when you visit it, it will try to push a .wmf exploit to you.
PLEASE, DO NOT CLICK ON THE FOLLOWING LINKS!
The iframes on that page were redirecting to HTTP : // traffweb1.biz/dl/adv771.php and HTTP : // 2-extreme.biz/traff.php?adv=54 .
Those websites were redirecting to HTTP : // 85.255.116.234/11.htm and HTTP : // 85.255.116.234/25.htm .
Which would try to push the .WMF exploit to you...
Fortunately, all AV vendors at Virustotal recognize the exploit, and at least McAfee and Symantec will trigger an alert when you are visiting this forum page.
---------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno /&&/ isc. sans. org )
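A check a forum operator could run against their own rendered pages to catch injected iframes like the ones described above. This is an added example, not part of the original diary; the allowlist, host names and sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"forum.example.com", "cdn.example.com"}  # assumed legitimate embeds

class IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.iframes = []
    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def is_hidden(attrs):
    """True for zero/one-pixel frames or frames hidden through inline CSS."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in {"0", "1"} or attrs.get("height") in {"0", "1"}
    return tiny or "display:none" in style or "visibility:hidden" in style

def audit_iframes(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (src, reasons) for each iframe loading from an unlisted host."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # relative URL or an approved embed
        reasons = ["off-site host"]
        if host.replace(".", "").isdigit():  # numeric host such as a dotted quad
            reasons.append("raw IPv4 address")
        if is_hidden(attrs):
            reasons.append("hidden or tiny frame")
        findings.append((src, reasons))
    return findings

# Constructed sample page (reserved example names, documentation IP range).
SAMPLE = """<iframe src="/shoutbox.php" width="400" height="200"></iframe>
<iframe src="http://cdn.example.com/banner.html"></iframe>
<iframe src="http://traffic.example.net/dl/adv.php" width="0" height="0"></iframe>
<iframe src="http://203.0.113.10/11.htm" style="display: none"></iframe>"""

if __name__ == "__main__":
    for src, reasons in audit_iframes(SAMPLE):
        print(src, "->", ", ".join(reasons))
```

The audit only sees iframes present in the served HTML; frames written by script at load time need a rendered-DOM check instead.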