The Register serves banner malware
November 30, 2004
Technology news site The Register today identified its ad serving provider, Falk AG, as the source of banner ads which spread an IFRAME exploit via its web site for more than six hours Saturday. The Register apologized to its readers and recommended that they check their machines for infections. Reports Saturday noted that the exploit appeared mostly on numerous European sites.
It was also noted that some U.S sites may have been affected as well.
An analysis of the exploit by LURHQ noted that "one of the hacked sites included a well-known Hollywood film studio's website." Falk AG's client list includes numerous entertainment properties, including NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital. The Dutch news site Nu.nl has also acknowledged hosting the banner exploits.
The Register said it is pursuing details of the event from Falk, which is expected to have public comment about the incident Monday. The LURHQ analysis said some versions of the complex exploit installed adware onto users' computers, while other versions downloaded remote-access trojan.
A marketing blog will significantly increase your sales and site visibility
Windows XP users who have installed Service Pack 2 were not affected by the IFRAME exploit due to buffer-overflow protection incorporated in SP2. But LURHQ said that may not last. "A new, unrelated exploit has just been released that allows remote code installs on SP2, and it is expected that adware vendors/trojan authors will begin to use it in the near future," the security service noted.
Other reports surfacing this weekend suggested that spyware and malware authors are making widespread use of Internet Explorer security holes to install software. Spyware researcher Ben Edelman encountered a URL that auto-installed 16 different spyware or adware programs. "I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC," writes Edelman.
The latest incidents are prompting a fresh round of recommendations that Web users abandon Internet Explorer in favor of alternate browsers, at least until the IFRAME hole is addressed.
The Internet Storm Center gave that advice in its initial reports Saturday, and The Register today urged readers to "strongly consider running an alternative browser (to Internet Explorer), at least until Microsoft deals with the issue."
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing