On BNET: Turn your iPhone into an air mouse
BNET Business Network:
BNET
TechRepublic
ZDNet
5 TalkBacks

By Dan Ilett
Posted on ZDNet News: Nov 22, 2004 6:52:00 PM

Hackers may have launched a widespread attack in Europe using banner ads to redirect users to Web sites that download malicious code, security experts warn.

After receiving several reports that rogue banner ads had infected users' PCs, researchers at The SANS Institute Internet Storm Center cautioned that hackers may have attacked a large number of servers hosting the advertisements. By placing the link to malicious code in a banner ad delivered to hundreds of Web sites, the attackers multiply the number of potential victims they can reach.

"The Storm Center received a report of a high-profile U.K. Web site that contains a pointer on their main page to another URL hosting the Bofra/IFRAME exploit," wrote Marcus Sachs, director of the SANS Internet Storm Center. "We have confirmed that if this site is visited using Internet Explorer, the exploit will be downloaded."

Banner ads are an ideal tool for the mass distribution of malicious code because they are able to distribute code on many Web sites at the same time.

People who clicked on the ads have seen their computers infected by the Bofra worm, previously referred to as a variants of MyDoom. The worm emerged five days after the iFrame vulnerability in Microsoft's Internet Explorer 6.0 browser software was announced earlier this month. Hackers have already attacked several European Web sites using the unpatched exploit.

The Bofra worm combines multiple attack techniques--spamming, social engineering, virus infections and Trojans--to attack its victims' computers.

Windows XP users who have loaded Service Pack 2 are thought not to be affected by the worm. Microsoft has yet to release a patch for the iFrame exploit, but earlier this month, the company chastised the independent researchers who published the vulnerability for failing to inform it first.

The SANS Internet Storm Center advised PC users to be careful when surfing, to prevent their computer from being compromised.

"Please exercise caution when using Microsoft's Internet Explorer, since this issue has no current patch," Sachs wrote. "The Storm Center recommends using an alternative browser when visiting sites other than those you absolutely trust."

Dan Ilett of ZDNet UK reported from London.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 5 Talkback(s)
Another Decent Browser (I prefer over FireFox)
This one doesn't hide all the features you need.. they're on the toolbar, including a popup blocker, popup recovery, flash blocker and MANY more.. including the ability to change skins. Try this one o... (Read the rest)
Posted by: Mr. Tinker Posted on: 11/23/04 You are currently: a Guest | | Terms of Use
Welcome to the world of illegally maintained monopolies  Xunil_Sierutuf | 11/22/04
AMAZING! STUPENDOUS! CURES THE COMMON WEB BROWSER!!  itanalyst | 11/22/04
Don't let the MS Zealots fool you!  chiwawa | 11/22/04
Links to secure Browser here!  anthonycea | 11/22/04
Another Decent Browser (I prefer over FireFox)  Mr. Tinker | 11/23/04

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here