Netcraft reports on a series of malicious banner ads using a vulnerability in Internet Explorer 6 to spread the Bofra virus. Clicking on the banners sends you to a website that uses the recently-discovered IFRAME vulnerability to infect your computer. Of note are the facts that there is no patch for this yet,
and XP SP2 is affected (whoops, I misread that part).
The Register found the ads on their own website and identified the source as ad server Falk AG. They have pulled Falk AG’s ads from their rotation and apologized to their readers. Netcraft adds that Falk AG’s clients include high-profile sites such as A&E, NBC, and Sony. The ad company has issued a statement, but the page currently consists of the line “Server Engine: Application error.”
Update 3pm: The statement from Falk [archive.org] is readable now. Apparently someone broke into one of their network load balancers and reconfigured it to redirect ads to the malicious site. Once they discovered it, they shut down the affected system and started checking the rest. The malicious ads ran for a total of about 6 hours on Saturday.
Update Tuesday: the Internet Storm Center has posted a write-up of the attack response.
Of course, there are several ways to protect yourself from this type of attack.
[…] good start, but the trouble is that Microsoft created this problem in the first place. As long ago as 2004, IE6 was regarded as “unsafe at any speed”, but it took Microsoft another two years to get IE7 out the door, during which Opera and Firefox […]