First let me point out that the vulnerability that was found has a patch that has been available since January of 2013. So patch your servers!

While working on servers for our clients at CF Webtools, I found a nasty little Trojan that was slipped onto a client server that was stealing credit card information. I first read back about this type of attack in December 2013 from PCWorld - Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware. The quick rundown is that an unpatched ColdFusion server allowed an attacker to slip a hidden IIS module onto the server and install it in IIS. This IIS Module then steals the credit card data as it passes through IIS. I have the full details posted over on Mark Kruger's, aka. ColdFusion Muse blog.

Yet one more reminder to make sure your ColdFusion servers are patched! Either patch them yourself, have your hosting provider patch them or if they are not familiar or knowledgeable with ColdFusion contact us at CF Webtools to patch your servers.