Cyber Security Institute

Monday, November 22, 2004

Hacker Exploit Spreads Virus Through Banner Ads

Hackers planted a version of the Bofra virus in banner ads served through dozens of Web sites over the weekend.

The malware exploited a vulerability in Internet Explorer that was announced earlier this month; Microsoft says a fix is more than two weeks away.

Hackers used banner ads to launch a widespread attack in Europe over the weekend.  The hackers apparently broke into a that delivers banner ads for Germany’s Falk eSolutions and loaded malicious code on banner advertising that appeared on hundreds of Web sites.  “Early Saturday morning an unauthorized individual exploited a weakness in a load balancer on the European AdSolution network.”  The purpose of the exploit was to establish a redirect to malicious code through a javascript component of Falk’s ad delivery.

The malware exploits the Bofra/IFRAME vulnerability in Internet Explorer, which was announced earlier this month.  Systems that have been upgraded to Windows XP Service Pack 2 reportedly are not affected.

“In total, potential redirects to this exploit code represented less then 2 percent of EU ad requests and under 0.1 percent of U.S. ad requests during this time period,” Falk eSolutions says in a notice on its site.

GMT, the virus was removed from all Falk European and U.S. networks, and normal ad delivery was restored,” the company says.

http://enterprise-security-today.newsfactor.com/story.xhtml?story_title=Hacker-Exploit-Spreads-Virus-Through-Banner-Ads&story_id=28597&category=intrusion