Bofra burrows in through banner ads

By Dan Ilett, ZDNet
Tuesday, November 23, 2004 10:25 AM

Hackers may have launched a widespread attack in Europe using banner ads to redirect users to Web sites that download malicious code, security experts warn.

After receiving several reports that rogue banner ads had infected users' PCs, researchers at The SANS Institute Internet Storm Center cautioned that hackers may have attacked a large number of servers hosting the advertisements. By placing the link to malicious code in a banner ad delivered to hundreds of Web sites, the attackers multiply the number of potential victims they can reach.

"The Storm Center received a report of a high-profile U.K. Web site that contains a pointer on their main page to another URL hosting the Bofra/IFRAME exploit," wrote Marcus Sachs, director of the SANS Internet Storm Center. "We have confirmed that if this site is visited using Internet Explorer, the exploit will be downloaded."

Banner ads are an ideal tool for the mass distribution of malicious code because they are able to distribute code on many Web sites at the same time.

People who clicked on the ads have seen their computers infected by the Bofra worm, previously referred to as a variant of MyDoom. The worm emerged five days after the iFrame vulnerability in Microsoft's Internet Explorer 6.0 browser software was announced earlier this month. Hackers have already attacked several European Web sites using the unpatched exploit.

The Bofra worm combines multiple attack techniques--spamming, social engineering, virus infections and Trojans--to attack its victims' computers.

Windows XP users who have loaded Service Pack 2 are thought not to be affected by the worm. Microsoft has yet to release a patch for the iFrame exploit, but earlier this month, the company chastised the independent researchers who published the vulnerability for failing to inform it first.

The SANS Internet Storm Center advised PC users to be careful when surfing, to prevent their computer from being compromised.

"Please exercise caution when using Microsoft's Internet Explorer, since this issue has no current patch," Sachs wrote. "The Storm Center recommends using an alternative browser when visiting sites other than those you absolutely trust."

Dan Ilett of ZDNet UK reported from London.

