IFRAME Exploit Spreading Through Banner

IFRAME Exploit Spreading Through Banner Ads Security
http://news.netcraft.com/archives/20...anner_ads.html

Banner ads appearing on popular European web sites have been directing
traffic to sites that install malware on visitors' computers,
according to the Internet Storm Center. The attacks are exploiting an
unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

"Some high profile sites with banner ads are linking to servers that
have the exploit and malicious code," according to an advisory on the
ISC web site. The attack is an expanded version of banner-based
exploits that first surfaced earlier this year. Banner networks, with
their ability to place code on hundreds of outside sites, offer a
vehicle for the rapid distribution of trojans and other malware, as
well as a way to deface web pages. It is not clear whether the
malicious code was being spread through a compromised ad server, or
through specific banners submitted to ad networks.

Site operators are being cautioned to verify that the banners do not
contain the IFRAME exploit code, or failing that, temporarily disable
banner ads to minimize the risk of accidentally infecting users and
propagating the exploit. The ISC did not identify any of the affected
sites.

Users clicking on the banners are being infected with variants of the
Bofra worm that has been propragating through e-mail and malicious web
sites. Bofra appeared just days after the revelation of the IFRAME
vulnerability, which affects Internet Explorer 6 on all Windows
platforms except Windows XP Service Pack 2 (SP2). This vulnerability
allows attackers to gain complete control of a user's computer.

Microsoft has not issued a patch for the Internet Explorer IFRAME hole
for users that have yet to install SP2. However, a German security
researcher has issued an independent patch, prompting discussion among
security vendors about the risks of "unofficial" patches.

Windows XP SP2 has been downloaded more than 105 million times,
according to Microsoft, but some corporate IT departments have
reported problems with installations. The ISC recommended that IE6
users who haven't installed the SP2 update "utilize a different web
browser until a patch is released by Microsoft."

--
Jose Manuel Tella Llop
MVP - Windows
(E-Mail Removed) (quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna
clase, y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use.