If you were browsing The Register on Saturday using Internet Explorer, and weren’t using Windows XP with Service Pack 2 installed, chances are your computer has been infected with a virus. One of their ad providers, Falk AG was compromised, and the ads they served exploited the Bofra/iFrame set of vulnerabilities in Windows/IE to install a viral payload on viewers’ machines. Slashdot is also running a story on it.
The Register is apologising for the incident, and recommending that all their visitors who used Internet Explorer but were not using Windows XP with SP2 perform a full virus scan on their system and install SP2 immediately. They’ve also suspended Falk AG from their ad rotation system pending an explanation.
How’s that for security, Microsoft? If you aren’t using Windows XP with SP2, protect yourself by using Firefox 1.0 instead of Internet Explorer. Even if you are using SP2, it’s still a good idea. You never know what other exploits are lurking out there waiting to infect you.
Microsoft has made life too easy for would-be hackers. It used to be that they had to convince you to do something stupid. These days, even that’s not necessary. You can get infected just by visiting random websites that you trust. Imagine the impact if one of CNN’s ad partners had been involved here.
If you haven’t yet installed SP2, the best way to get it is by filling out this form. Microsoft will ship you a Windows XP SP2 update CD at no cost, to almost anywhere in the world.
Thanks to yusufg for letting me know about this.
UPDATE: Falk has issued a statement regarding the above incident. Apparently it was caused by a flaw in one of their load balancers that was exploited to redirect ad requests to search.comedycentral.com, which served the malicious ads.
