The researchers at Websense have discovered and are remediating a VML exploit on one of the official superbowl sites. This will certainly be a high traffic thing, so there may be a number of infections. It’s not clear how long the exploit’s been there.

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=733

We’ve got sigs out for the trojan eventually installed. It’s unlike most we’ve seen, and doesn’t have an official name yet. more as we get it. The signature is here. If you get hits on this I’d react quickly, but your current AV signatures likely do not have coverage yet.

http://www.bleedingthreats.net/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Unknown_Downloader?view=markup

Updates soon. Watch the Websense analysis page as well for info.

Matt

This entry was posted on Friday, February 2nd, 2007 at 5:48 pm and is filed under General, New Rules. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.