BOFRA Security Exploit - Alert
COMPROMISED AD SERVER SPREADS A VIRUS LIKE WILDFIRE
Banner ads have become the latest delivery mechanism for Hijacking computers through security exploits. A recent wave of banners targetted a known flaw in Microsoft Corp.'s Internet Explorer browser.
Over the weekend, hackers broke into a server that handles ad delivery for Germany's Falk eSolutions. The hackers successfully loaded exploit code on banner advertising, and served them on hundreds of Web sites.
"Users visiting Web sites that carry banner advertising delivered by our system were periodically delivered a file from the compromised site. This file tries to execute the IE-Exploit function on the users' computer," a representative from Falk eSolutions confirmed on Monday.
The exploit (Bofra/IFrame) takes advantage of an IE vulnerability discovered and reported to Microsoft earlier this month. It is a new variant of the MyDoom virus that attacked vulnerable IE users two weeks ago.
The flaw, which does not affect IE users running Windows XP Service Pack 2 (SP2), has not yet been patched.
Falk eSolutions said the affected AdSolution ad serving software is used by a large group of Web publishers, agencies and marketers worldwide, but it did not say how many of those customers were affected. One ad server can easily deliver millions of banner advertisements in a day.
Some of Falk AdSolution clients include AtomShockwave, IDG, A&E Television Networks, and MediaCom.
The Register was the first to notice that banner ads served by Falk were launching exploit code to non-SP2 IE users.
"If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue," a representative from The Register said.
The site said it suspended ad serving by Falk eSolutions as soon as it discovered the problem. At midday EST on Monday, The Register was still not serving banner ads.
In a brief note posted Monday, Falk said a virus found on its European network was "inadvertently redistributed" to a small number of users (calculated under 2 percent).
"As of 11:30 a.m. GMT, the virus was removed from all Falk European and U.S. networks, and normal ad delivery was restored," the company said.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.