In late February the Mare.D worm targeted an older security hole in Mambo (patched in February 2005) as well as the XML-RPC vulnerability. The worm doesn’t appear to have affected many Mambo sites, however.
Internet criminals often target unpatched vulnerabilities in open-source CMS apps, including phpBB, PostNuke, Mambo, Drupal and others, hoping to build botnets for use in phishing scams and distributed denial-of-service (DDoS) attacks. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005.