Circuit City Discussion Board 0wned

I posted here and here on May 20th regarding exploitation of the Invision Power Board bulletin board used in Movable Type’s support forum such that the BB would serve up WMF exploits via IFRAME.
I even submitted the incident along with links to the Secunia writeup to SANS and it was published in the ISC on May 21st.
Looks like whoever is running the Circuit City Home Theatre Discussion Boards didn’t get the message. According to CNET, they were 0wned in the same fashion. I think it is interesting to note that, unlike Movable Type, Circuit City is notifying the registered users of that board. On the other hand, Circuit City apparently didn’t find out about the event until notified by the SANS ISC.
The WMF exploit came out at the beginning of January. So people really should be patched and, on top of that, have antivirus. Imagine if they’d been using a newer exploit.