Friday, November 03, 2006

October Web Attacker?

Hi folks,

Looks like there's a new version of WebAttacker tonight. We just found a web site that we know to run Web Attacker and it's clearly using SetSlice (MS06-057). We couldn't get at the admin page, to see what else might be in the new version, but the format of the command we saw was ".cgi?type=MS06-057&SP2", so that's clearly new at a minimum.

If you're patched to October, and you're running SocketShield, you have little to fear, but if not, please be careful. Web Attacker is always widely used.

More to follow.



Post a Comment

<< Home