Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  

IE Exploit Targets Banner Ad Servers
By Ryan Naraine


The ubiquitous banner ad has become the latest delivery mechanism for exploit code targeting a known flaw in Microsoft Corp.’s Internet Explorer browser.

ADVERTISEMENT

During a 12-hour window over the weekend, hackers broke into a load balancing server that handles ad deliveries for Germany’s Falk eSolutions and successfully loaded exploit code on banner advertising served on hundreds of Web sites.

“Users visiting Web sites that carry banner advertising delivered by our system were periodically delivered a file from the compromised site. This file tries to execute the IE-Exploit function on the users’ computer,” Falk eSolutions confirmed Monday.

The exploit (Bofra/IFrame) takes advantage of an IE vulnerability discovered and reported to Microsoft earlier this month. It is a variant of the MyDoom virus that launched zero-day attacks on vulnerable IE users two weeks ago.

PointerRead more here about the zero-day attacks.

The flaw, which does not affect IE users running Windows XP Service Pack 2 (SP2), has not yet been patched.

Falk eSolutions said the affected AdSolution ad serving software is used by more than 150 Web publishers, agencies and marketers worldwide, but it did not say how many of those customers were affected.

eWEEK Special Report: Securing WindowsFalk AdSolution clients include AtomShockwave, IDG, A&E; Television Networks, MediaCom and Universal McCann.

European tech publisher The Register was the first to notice that banner ads served by Falk were launching exploit code to non-SP2 IE users.

“If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue,” The Register said in a statement.

The site said it suspended ad serving by Falk eSolutions as soon as it discovered the problem. At midday EST on Monday, The Register was still not serving banner ads.

PointerIE rival Mozilla Firefox 1.0 impresses eWEEK Labs. Read the review here.

In a brief note posted Monday, Falk said a virus found on its European network was “inadvertently redistributed” to a small number of users (calculated under 2 percent).

“As of 11:30 a.m. GMT, the virus was removed from all Falk European and U.S. networks, and normal ad delivery was restored,” the company said.

Additional details on the network breach were provided to The Register, which posted a second notice outlining the problems with one of the ad server’s load balancers.

“This attack made use of a weak point on this specific type of load balancer. The function of a load balancer is to evenly distribute requests to the multiple servers behind it. The system concerned was only used to handle a specific request type to our ad server and has now been investigated,” the note read.

“The use of a weak point in one of our load balancers led to user requests not being passed to the ad servers. Instead the user requests were answered with a 302 redirect to a compromised website. This happened with approximately every 30th request,” the company added.

Next Page: Extent of the compromise?

     
1 | 2   next >

Email


TALKBACK

MICROSOFT RESOURCE CENTER
Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>


SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>


Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>




 
FREE WHITE PAPER
Changing Business for the Better: A Practical Guide to BPM


This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.


Download this free white paper to learn more!


>> brought to you by IBM

Attention Microsoft Solution Providers!



Want to gain a competitive edge? Try Microsoft Watch – FREE!



Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly



    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
  •  
  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.


  • POPULAR TOPICS
    CHANNEL INSIDER BUYER’S GUIDE
    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    CAREER CENTER
    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice
    SPECIAL REPORTS
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Network
    CHANNEL RSS FEED
    Stay in the Zone
    Put The Channel Insider on your desktop.
    FREE NEWSLETTERS
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:


    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:


    view all newsletters >>
    Channel Insider Quick Links
    Ziff Davis Footer Logo