Looks like there’s a new version of WebAttacker tonight. We just found a web site that we know to run Web Attacker and it’s clearly using SetSlice (MS06-057). We couldn’t get at the admin page, to see what else might be in the new version, but the format of the command we saw was “.cgi?type=MS06-057&SP2″, so that’s clearly new at a minimum.
If you’re patched to October, and you’re running SocketShield, you have little to fear, but if not, please be careful. Web Attacker is always widely used.
More to follow.