SANS Infocon moved to YELLOW

We are moving to Infocon Yellow for a bit. There has been some debate
among the handlers about this step, but considering that a lot of
people are on holidays and might otherwise miss the WMF 0-day problem,
we have decided to raise the alert level.

The folks at Websense Labs have a nice movie on how it looks like if a system gets exploited by this WMF 0-day, see
. Don't go to any of the URLs visible in the movie unless you know what
you are doing (or feel like spending the next hours reinstalling your

The orignal exploit site ( is no longer up.
But the exploit is being served from various sites all over by now, see
the F-Secure Blog on for an update on the versions of the exploit found in the wild.

From the SANS Internet Storm Center.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s