IFRAME Exploit Spreading Through Banner

Discussion in 'Windows XP Basics' started by JM Tella Llop [MVP Windows], Nov 21, 2004.

  1. IFRAME Exploit Spreading Through Banner Ads Security

    Banner ads appearing on popular European web sites have been directing
    traffic to sites that install malware on visitors' computers,
    according to the Internet Storm Center. The attacks are exploiting an
    unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

    "Some high profile sites with banner ads are linking to servers that
    have the exploit and malicious code," according to an advisory on the
    ISC web site. The attack is an expanded version of banner-based
    exploits that first surfaced earlier this year. Banner networks, with
    their ability to place code on hundreds of outside sites, offer a
    vehicle for the rapid distribution of trojans and other malware, as
    well as a way to deface web pages. It is not clear whether the
    malicious code was being spread through a compromised ad server, or
    through specific banners submitted to ad networks.

    Site operators are being cautioned to verify that the banners do not
    contain the IFRAME exploit code, or failing that, temporarily disable
    banner ads to minimize the risk of accidentally infecting users and
    propagating the exploit. The ISC did not identify any of the affected

    Users clicking on the banners are being infected with variants of the
    Bofra worm that has been propragating through e-mail and malicious web
    sites. Bofra appeared just days after the revelation of the IFRAME
    vulnerability, which affects Internet Explorer 6 on all Windows
    platforms except Windows XP Service Pack 2 (SP2). This vulnerability
    allows attackers to gain complete control of a user's computer.

    Microsoft has not issued a patch for the Internet Explorer IFRAME hole
    for users that have yet to install SP2. However, a German security
    researcher has issued an independent patch, prompting discussion among
    security vendors about the risks of "unofficial" patches.

    Windows XP SP2 has been downloaded more than 105 million times,
    according to Microsoft, but some corporate IT departments have
    reported problems with installations. The ISC recommended that IE6
    users who haven't installed the SP2 update "utilize a different web
    browser until a patch is released by Microsoft."

    Jose Manuel Tella Llop
    MVP - Windows
    (quitar XXX)

    Este mensaje se proporciona "como está" sin garantías de ninguna
    clase, y no otorga ningún derecho.

    This posting is provided "AS IS" with no warranties, and confers no
    You assume all risk for your use.
    JM Tella Llop [MVP Windows], Nov 21, 2004
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marc Liron

    NEW worm spreading fast - W32/Sobig-F

    Marc Liron, Aug 19, 2003, in forum: Windows XP Basics
    Jim Eshelman
    Aug 20, 2003
  2. Carl de Roy

    Data Source Exploit

    Carl de Roy, Jan 18, 2004, in forum: Windows XP Basics
    Carl de Roy
    Jan 18, 2004
  3. Larry Samuels

    Heads up--W32.Novarg.A@mm spreading rapidly

    Larry Samuels, Jan 27, 2004, in forum: Windows XP Basics
    Larry Samuels
    Jan 27, 2004
  4. Mitch

    NEW! Remote Exploit ~lsass.exe

    Mitch, Apr 30, 2004, in forum: Windows XP Basics
    May 8, 2004
  5. Bob

    Wesley-DSO Exploit

    Bob, Jun 1, 2004, in forum: Windows XP Basics
    Mar 19, 2005