Attacks continue in the wild against ASP pages with SQL injection flaws. It appears that the worm is injecting scripts and iframes into the webpages, which then forward users to another page with an exploit embedded. The exploits, which are used to take over visitors to the websites, are believed to be based on recent Real Player vulnerabilities. It looks like user machines are infected through Real Player vulnerabilities that seem, more or less, to be detected pretty well. As a precaution for users who may visit an infected site, it would be a good idea to make sure Real Player is updated wherever it is installed.
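A defender-side check for the pattern described above, as an added example that is not part of the original post: it scans stored text fields (the content an injection through a vulnerable ASP page would modify) for script and iframe tags that load from hosts outside an allowlist. The allowlisted hosts, field labels and sample rows are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts and frames from.
ALLOWED_HOSTS = {"www.example.com", "static.example.com"}


class OffSiteTagFinder(HTMLParser):
    """Records <script>/<iframe> tags whose src is a host not on the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src") or ""
        host = urlparse(src.strip()).hostname  # None for relative (same-site) URLs
        if host and host not in self.allowed_hosts:
            self.hits.append((tag, host))


def scan_rows(rows, allowed_hosts=ALLOWED_HOSTS):
    """rows: iterable of (field_label, text). Returns (field_label, tag, host)."""
    findings = []
    for label, text in rows:
        finder = OffSiteTagFinder(allowed_hosts)
        finder.feed(text)
        finder.close()
        findings.extend((label, tag, host) for tag, host in finder.hits)
    return findings


# Constructed sample rows, as if exported from the site's content tables.
SAMPLE_ROWS = [
    ("products.title#1", "Blue widget"),
    ("products.title#2", "Red widget<script src=http://injected.invalid/a.js></script>"),
    ("pages.body#7", '<p>Welcome</p><script src="/js/site.js"></script>'),
    ("pages.body#9", '<p>News</p><IFRAME SRC="//injected.invalid/f.htm" width=0></IFRAME>'),
    ("pages.body#3", '<script src="https://static.example.com/app.js"></script>'),
]

if __name__ == "__main__":
    for label, tag, host in scan_rows(SAMPLE_ROWS):
        print(f"{label}: <{tag}> loads from unlisted host {host}")
```

A hit in a field that should hold plain text, such as a product title, is a strong sign the row was modified through the injection flaw rather than by an editor.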
We have received word of a working MBR rootkit that works on modern systems. This is not a new concept, but it is one that hasn't had attention for several years. Windows Vista allows users to edit the MBR from userland. An MBR rootkit was discovered in the wild at the end of 2007. Keep an eye on this, as more information is expected in the future.