
SANS ISC: InfoSec Handlers Diary Blog - Invision Board being exploited



Invision Board being exploited

Published: 2006-06-01
Last Updated: 2006-06-01 16:26:06 UTC
by Pedro Bueno (Version: 1)
On May 21st we reported a vulnerability in Invision Power Board. To be honest I didn't know much about it, or about the number of sites using it. Well, now I know at least a BIG one that was using it as a forum for its customers. We are still contacting the website owner, so I won't mention it here. But the case is that it was vulnerable and was exploited.
Now, when you visit it, it will try to push a .wmf exploit to you.
PLEASE, DO NOT CLICK ON THE FOLLOWING LINKS!

The iframes on that page were redirecting to HTTP : //  traffweb1.biz/dl/adv771.php and HTTP :   // 2-extreme.biz/traff.php?adv=54 .

Those websites were redirecting to HTTP : // 85.255.116.234/11.htm  and HTTP : // 85.255.116.234/25.htm .

Which would try to push the .WMF exploit to you...

Fortunately, all AV vendors at Virustotal recognize the exploit, and at least McAfee and Symantec will trigger an alert when you are visiting this forum page.

---------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno /&&/ isc. sans. org )


