Spyware Attack Part of ‘Coordinated Campaign’ Against IE

Internet Explorer users who are not running Microsoft’s Windows XP Service Pack 2 are vulnerable to an attack that infiltrates through the banner ads on some Web sites.

Hackers this weekend broke into a server used by Falk eSolution of Germany to deliver banner ads to Web sites. The hackers loaded exploit code that takes advantage of a known flaw in IE to infect computers with the Bofra worm, previously known as a variant of MyDoom.

Microsoft has known about the iFrame vulnerability since it was published earlier this month, but has not yet released a patch.

According to SANS Internet Storm Center, sites in the U.K., the Netherlands and Sweden have been infected.

Coordinated Campaign

Matt Jonkman, senior security consultant with Infotex, an information security firm, said the banner ad attack is just part of the problem.

“There is a coordinated campaign of compromise going on,” he told TechNewsWorld. “At least a couple hundred Web servers have been compromised. There appears to be an automated rootkit install that’s adding the infected redirecting links to all domains on the server. That’s where the biggest risk is, users can hit a site they trust but the server was compromised.”

The Register, a U.K. tech Web site, noticed the problem on Sunday.

“If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov. 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue,” The Register said in a statement.

The site has since fixed the problem.

Evading Anti-Virus Programs

Antivirus software isn’t a big help in this case.

“The spyware isn’t detected by most anti-virus software. There are some trojans that are downloaded by the infections, but that’s only a small part of what’s happening,” Jonkman said.

And for computers that have already been infected, the fix is not easy.

The effect is “nearly crippling,” he said. “It’ll have so many popups and new software installed it’ll not be very useful, and be very slow.”

Start Over

“You’ll save a lot of time and money by getting the data you need off of the system and reformatting and reinstalling. And use a browser like Firefox or Mozilla the second time around,” he advised.

Jonkman said the main problem Bofra will cause for the Web is a loss of trust and security.

“My hope is that people will embrace the idea that there are other browsers that are safer and better than IE. I’m not a Microsoft basher. IE has great possibilities, but it’s just not safe at this time,” he said.

“Its security doesn’t appear to be enough of a priority for Microsoft. I wholly recommend using another browser for general Internet browsing and saving IE to use only for the things it’s required for.”
