
SANS ISC: Invision Board being exploited - Internet Security | DShield SANS ISC InfoSec Forums


Invision Board being exploited
On May 21st we reported a vulnerability in Invision Power Board. To be honest, I didn't know much about it, or about the number of sites using it. Well, now I know at least a BIG one that was using it as a forum for its customers. We are still contacting the website owner, so I won't mention it here. But the case is that it was vulnerable and was exploited.
Now, when you visit it, it will try to push a .wmf exploit to you.
PLEASE, DO NOT CLICK ON THE FOLLOWING LINKS!

The iframes on that page were redirecting to HTTP : //  traffweb1.biz/dl/adv771.php and HTTP :   // 2-extreme.biz/traff.php?adv=54 .

Those websites were redirecting to HTTP : // 85.255.116.234/11.htm  and HTTP : // 85.255.116.234/25.htm .

Which would try to push the .WMF exploit to you...

Fortunately, all AV vendors at VirusTotal recognize the exploit, and at least McAfee and Symantec will trigger an alert when you are visiting this forum page.

---------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno /&&/ isc. sans. org )


