A new WMF attack looming?

It appears that a new WMF attack is coming, as you recall about a year back an WMF vulnerability was used on several high profile sites to infect visitors, this now appears to start happening again.

The first sign of this is the appearance of exploits for the vulnerability, starting off with version specific and evolving into a generic one.

The second sign is web sites being infect with hidden iframe that redirect to a javascript code that is at the moment dormant, or refers to non-existing domains.

The last stage is those javascripts getting modified, or the non-existing domains poping up into existing, you got yourself an infection.

It is time to start your vulnerability assessment engines, make sure all your windows based machines are tested, verify that your website passes a web site audit, and lastly get updated as this news item evolves.

Share