November 30, 2004

Technology news site The Register today identified its ad serving provider, Falk AG, as the source of banner ads which spread an IFRAME exploit via its web site for more than six hours Saturday. The Register apologized to its readers and recommended that they check their machines for infections. Reports Saturday noted that the exploit appeared mostly on numerous European sites.

It was also noted that some U.S sites may have been affected as well.

An analysis of the exploit by LURHQ noted that "one of the hacked sites included a well-known Hollywood film studio's website." Falk AG's client list includes numerous entertainment properties, including NBC/Universal, The Golf Channel, The A&E Network and Sony Pictures Digital. The Dutch news site Nu.nl has also acknowledged hosting the banner exploits.

The Register said it is pursuing details of the event from Falk, which is expected to have public comment about the incident Monday. The LURHQ analysis said some versions of the complex exploit installed adware onto users' computers, while other versions downloaded remote-access trojan.

A marketing blog will significantly increase your sales and site visibility

Windows XP users who have installed Service Pack 2 were not affected by the IFRAME exploit due to buffer-overflow protection incorporated in SP2. But LURHQ said that may not last. "A new, unrelated exploit has just been released that allows remote code installs on SP2, and it is expected that adware vendors/trojan authors will begin to use it in the near future," the security service noted.

Other reports surfacing this weekend suggested that spyware and malware authors are making widespread use of Internet Explorer security holes to install software. Spyware researcher Ben Edelman encountered a URL that auto-installed 16 different spyware or adware programs. "I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC," writes Edelman.

The latest incidents are prompting a fresh round of recommendations that Web users abandon Internet Explorer in favor of alternate browsers, at least until the IFRAME hole is addressed.

The Internet Storm Center gave that advice in its initial reports Saturday, and The Register today urged readers to "strongly consider running an alternative browser (to Internet Explorer), at least until Microsoft deals with the issue."

Source: Netcraft

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.