Earlier today, SophosLabs determined that the website of a European aeronautical parts supplier had been hacked, and that a malicious attack had been planted on it which exploits a zero-day Microsoft security vulnerability that has not yet been patched.
We were alerted to the security problem when a Sophos customer attempted to visit the affected website and received a warning message that a file on the site was infected with code that attempts to exploit the vulnerability in Microsoft XML Core Services that could allow remote code execution (CVE-2012-1889).
SophosLabs experts determined that cybercriminals had breached the website and planted the following four files into a subdirectory…
Read more in my article on the Naked Security website.