backerman: Two meerkittens being cute (Default)
Brad Ackerman ([personal profile] backerman) wrote2007-06-20 07:45 pm
  • Add Memory
  • Share This Entry
  • Current Mood: annoyed
  • Current Music: "Virus Alert" (Weird Al Yankovic)

Mediawiki worm

Something's running around pwning either Mediawiki sites (symbianwiki.com in this instance) or PHP in general and inserting a 1x1 IFRAME before the !DOCTYPE header in each response; the browser exploit is hosted on a site that's been taken offline, but I'm assuming it's yet another attack against the trillions of Windows boxes that still haven't been patched with six months ago's patch cluster.

I'm not sure if it's a known attack or not, so am doing a brief writeup for ISC now. I'm from the government, and I'm here to help you.
Threaded | Top-Level Comments Only

[identity profile] jguzman.livejournal.com 2007-06-21 12:50 am (UTC)(link)
Interesting. Is this something I should be worried about for say, my Gallery install?

[identity profile] starcreator.livejournal.com 2007-06-21 06:02 am (UTC)(link)
I'd be more worried about XenoWiki...

[identity profile] yamazakikun.livejournal.com 2007-06-21 09:22 pm (UTC)(link)
Any software that takes input from the outside world needs to be watched for out-of-spec behavior.
Threaded | Top-Level Comments Only