Warnings issued over infected banners

Security warnings have been issued over website ad banners that have been exploiting vulnerabilities in Internet Explorer to launch malicious code and redirect users to different sites.

The SANS Internet Storm Centre said that the Iframe vulnerability in Internet Explorer has been exploited, but many lessons could be learned about how to contain these kinds of attacks.

On its website it said: "Some time last week one of Falk eSolutions' load balancing servers was intruded into via a known vulnerability. Once inside the server, the attacker was able to modify the banner ad code to point to another compromised site (search.comedycentral.com, 199.107.184.146) where additional malicious code had been placed. It is not known when Comedy Central was intruded into.

"The first recorded incident in this intrusion set happened on Friday night, but we did not hear about it until Saturday afternoon. About 100 hosts recorded in the network hit the Comedy Central site and downloaded malicious software the previous evening.

"We don't know how they reached the infected server, but it's likely that it was not through The Register (which was found to be the source of the attacks) since the network is in California."

Overall, the SANS Internet Storm Centre reported that the Comedy Central site, and perhaps other sites, were compromised first, followed by Falk eSolutions. Falk's site was then configured to redirect visitors to Comedy Central.

High-profile websites such as The Register use Falk's AdSolution Global service to place banner ads on their pages, and about one in thirty hits resulted in a re-direct to the hostile site.

As a result, security experts recommended that users choose another browser instead of Internet Explorer, or disable Active Scripting, to protect themselves against the exploits.

Users are also advised to check that their banners do not contain the Iframe malicious code, although detecting the exploit code in ad banners can be very difficult.

However, the LURHQ website outlines the bad code in the banner ads here.

The SANS Internet Storm Centre said that there is a six-step approach to handling incidents of this nature, which you can follow here.
