IFRAME Exploit Spreading Through Banner

Discussion in 'Windows XP New Users' started by JM Tella Llop [MVP Windows], Nov 21, 2004.

  1. IFRAME Exploit Spreading Through Banner Ads Security
    http://news.netcraft.com/archives/2004/11/21/iframe_exploit_spreading_through_banner_ads.html

    Banner ads appearing on popular European web sites have been directing
    traffic to sites that install malware on visitors' computers,
    according to the Internet Storm Center. The attacks are exploiting an
    unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.

    "Some high profile sites with banner ads are linking to servers that
    have the exploit and malicious code," according to an advisory on the
    ISC web site. The attack is an expanded version of banner-based
    exploits that first surfaced earlier this year. Banner networks, with
    their ability to place code on hundreds of outside sites, offer a
    vehicle for the rapid distribution of trojans and other malware, as
    well as a way to deface web pages. It is not clear whether the
    malicious code was being spread through a compromised ad server, or
    through specific banners submitted to ad networks.

    Site operators are being cautioned to verify that the banners do not
    contain the IFRAME exploit code, or failing that, temporarily disable
    banner ads to minimize the risk of accidentally infecting users and
    propagating the exploit. The ISC did not identify any of the affected
    sites.

    Users clicking on the banners are being infected with variants of the
    Bofra worm that has been propragating through e-mail and malicious web
    sites. Bofra appeared just days after the revelation of the IFRAME
    vulnerability, which affects Internet Explorer 6 on all Windows
    platforms except Windows XP Service Pack 2 (SP2). This vulnerability
    allows attackers to gain complete control of a user's computer.

    Microsoft has not issued a patch for the Internet Explorer IFRAME hole
    for users that have yet to install SP2. However, a German security
    researcher has issued an independent patch, prompting discussion among
    security vendors about the risks of "unofficial" patches.

    Windows XP SP2 has been downloaded more than 105 million times,
    according to Microsoft, but some corporate IT departments have
    reported problems with installations. The ISC recommended that IE6
    users who haven't installed the SP2 update "utilize a different web
    browser until a patch is released by Microsoft."

    --
    Jose Manuel Tella Llop
    MVP - Windows
    (quitar XXX)
    http://www.multingles.net/jmt.htm

    Este mensaje se proporciona "como está" sin garantías de ninguna
    clase, y no otorga ningún derecho.

    This posting is provided "AS IS" with no warranties, and confers no
    rights.
    You assume all risk for your use.
     
    JM Tella Llop [MVP Windows], Nov 21, 2004
    #1
    1. Advertisements

  2. JM Tella Llop [MVP Windows]

    Guest Guest

    "JM Tella Llop [MVP Windows]" wrote:

    > IFRAME Exploit Spreading Through Banner Ads Security
    > http://news.netcraft.com/archives/2004/11/21/iframe_exploit_spreading_through_banner_ads.html
    >
    > Banner ads appearing on popular European web sites have been directing
    > traffic to sites that install malware on visitors' computers,
    > according to the Internet Storm Center. The attacks are exploiting an
    > unpatched flaw in the way Internet Explorer 6 handles the IFRAME tag.
    >
    > "Some high profile sites with banner ads are linking to servers that
    > have the exploit and malicious code," according to an advisory on the
    > ISC web site. The attack is an expanded version of banner-based
    > exploits that first surfaced earlier this year. Banner networks, with
    > their ability to place code on hundreds of outside sites, offer a
    > vehicle for the rapid distribution of trojans and other malware, as
    > well as a way to deface web pages. It is not clear whether the
    > malicious code was being spread through a compromised ad server, or
    > through specific banners submitted to ad networks.
    >
    > Site operators are being cautioned to verify that the banners do not
    > contain the IFRAME exploit code, or failing that, temporarily disable
    > banner ads to minimize the risk of accidentally infecting users and
    > propagating the exploit. The ISC did not identify any of the affected
    > sites.
    >
    > Users clicking on the banners are being infected with variants of the
    > Bofra worm that has been propragating through e-mail and malicious web
    > sites. Bofra appeared just days after the revelation of the IFRAME
    > vulnerability, which affects Internet Explorer 6 on all Windows
    > platforms except Windows XP Service Pack 2 (SP2). This vulnerability
    > allows attackers to gain complete control of a user's computer.
    >
    > Microsoft has not issued a patch for the Internet Explorer IFRAME hole
    > for users that have yet to install SP2. However, a German security
    > researcher has issued an independent patch, prompting discussion among
    > security vendors about the risks of "unofficial" patches.
    >
    > Windows XP SP2 has been downloaded more than 105 million times,
    > according to Microsoft, but some corporate IT departments have
    > reported problems with installations. The ISC recommended that IE6
    > users who haven't installed the SP2 update "utilize a different web
    > browser until a patch is released by Microsoft."
    >
    > --
    > Jose Manuel Tella Llop
    > MVP - Windows
    > (quitar XXX)
    > http://www.multingles.net/jmt.htm
    >
    > Este mensaje se proporciona "como está" sin garantías de ninguna
    > clase, y no otorga ningún derecho.
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > You assume all risk for your use.
    >

    Download, install and set Mozilla Firefox as your default browser.
    http://www.mozilla.org/ However, you must use IE6 for Windows and Office
    Updates.
     
    Guest, Nov 21, 2004
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marc Liron

    NEW worm spreading fast - W32/Sobig-F

    Marc Liron, Aug 19, 2003, in forum: Windows XP New Users
    Replies:
    0
    Views:
    211
    Marc Liron
    Aug 19, 2003
  2. Larry Samuels

    Heads up--W32.Novarg.A@mm spreading rapidly

    Larry Samuels, Jan 27, 2004, in forum: Windows XP New Users
    Replies:
    2
    Views:
    218
  3. david

    dso exploit

    david, May 23, 2004, in forum: Windows XP New Users
    Replies:
    1
    Views:
    135
    *Vanguard*
    May 23, 2004
  4. Guest

    DSO exploit

    Guest, Jun 10, 2004, in forum: Windows XP New Users
    Replies:
    5
    Views:
    165
    Guest
    Aug 7, 2004
  5. Guest

    DSO Exploit continued

    Guest, Jun 10, 2004, in forum: Windows XP New Users
    Replies:
    0
    Views:
    198
    Guest
    Jun 10, 2004
Loading...

Share This Page