The Bofra/IFRAME virus is back
November 22, 2004
Hackers may have launched a widespread attack in Europe, using banner ads to redirect users to Web sites that download malicious code, security experts warn. After receiving several reports that rogue banner ads had infected users' PCs, researchers at The SANS Institute Internet Storm Center cautioned that hackers may have attacked a large number of servers hosting the advertisements.
By placing the link to malicious code in a banner ad delivered to hundreds of Web sites, the attackers multiply the number of potential victims they can reach.
"The Storm Center received a report of a high-profile U.K. Web site that contains a pointer on their main page to another URL hosting the Bofra/IFRAME exploit," wrote Marcus Sachs, director of the SANS Internet Storm Center. "We have confirmed that if this site is visited using Internet Explorer, the exploit will be downloaded."
Leasing links to your website will boost your search engine visibility
Banner ads are an ideal tool for the mass distribution of malicious code because they are able to distribute code on many Web sites at the same time.
People who clicked on the ads have seen their computers infected by the Bofra worm, previously referred to as a variants of MyDoom. The worm emerged five days after the iFrame vulnerability in Microsoft's Internet Explorer 6.0 browser software was announced earlier this month. Hackers have already attacked several European Web sites using the unpatched exploit.
The Bofra worm combines multiple attack techniques--spamming, social engineering, virus infections and Trojans--to attack its victims' computers.
Windows XP users who have loaded Service Pack 2 are thought not to be affected by the worm. Microsoft has yet to release a patch for the iFrame exploit, but earlier this month, the company chastised the independent researchers who published the vulnerability for failing to inform it first.
The SANS Internet Storm Center advised PC users to be careful when surfing, to prevent their computer from being compromised.
"Please exercise caution when using Microsoft's Internet Explorer, since this issue has no current patch," Sachs wrote. "The Storm Center recommends using an alternative browser when visiting sites other than those you absolutely trust."
Source: C-Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing