The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

SANS Infocon moved to YELLOW

Posted by Xavier Ashe on December 28, 2005

We are moving to Infocon Yellow for a bit. There has been some debate
among the handlers about this step, but considering that a lot of
people are on holidays and might otherwise miss the WMF 0-day problem,
we have decided to raise the alert level.

The folks at Websense Labs have a nice movie on how it looks like if a system gets exploited by this WMF 0-day, see
. Don't go to any of the URLs visible in the movie unless you know what
you are doing (or feel like spending the next hours reinstalling your

The orignal exploit site ( is no longer up.
But the exploit is being served from various sites all over by now, see
the F-Secure Blog on for an update on the versions of the exploit found in the wild.

From the SANS Internet Storm Center.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: