Earlier today, SophosLabs determined that the website of a European aeronautical parts supplier had been hacked, and that a malicious attack had been planted on it which exploits a zero-day Microsoft security vulnerability that has not yet been patched.
We were alerted to the security problem when a Sophos customer attempted to visit the affected website and received a warning message that a file on the site was infected by code which attempts to exploit the vulnerability in Microsoft XML Core Services that could allow remote code execution (CVE-2012-1889).
SophosLabs experts determined that the website had been breached, and that cybercriminals had planted the following four files in a subdirectory…
Read more in my article on the Naked Security website.