view ads, get owned?

If you were browsing The Register on Saturday using Internet Explorer, and weren’t using Windows XP with Service Pack 2 installed, chances are your computer has been infected with a virus. One of their ad providers, Falk AG was compromised, and the ads they served exploited the Bofra/iFrame set of vulnerabilities in Windows/IE to install a viral payload on viewers’ machines. Slashdot is also running a story on it.

The Register is apologising for the incident, and recommending that all their visitors who used Internet Explorer but were not using Windows XP with SP2 perform a full virus scan on their system and install SP2 immediately. They’ve also suspended Falk AG from their ad rotation system pending an explanation.

How’s that for security, Microsoft? If you aren’t using Windows XP with SP2, protect yourself by using Firefox 1.0 instead of Internet Explorer. Even if you are using SP2, it’s still a good idea. You never know what other exploits are lurking out there waiting to infect you.

Microsoft has made life too easy for would-be hackers. It used to be that they had to convince you to do something stupid. These days, even that’s not necessary. You can get infected just by visiting random websites that you trust. Imagine the impact if one of CNN’s ad partners had been involved here.

If you haven’t yet installed SP2, the best way to get it is by filling out this form. Microsoft will ship you a Windows XP SP2 update CD at no cost, to almost anywhere in the world.

Thanks to yusufg for letting me know about this.

UPDATE: Falk has issued a statement regarding the above incident. Apparently it was caused by a flaw in one of their load balancers that was exploited to redirect ad requests to search.comedycentral.com, which served the malicious ads.

This entry was posted in Microsoft, Mozilla. Bookmark the permalink.

3 Responses to view ads, get owned?

  1. The Dutch sites from the company Ilse have been hit by the same problem:

    http://www.startpagina.nl/alert/

    This includes http://www.startpagina.nl, a portal site which is used by many as a start page (as the name suggests). Now if you see that even on a technical site like w3schools the share of Windows OS-es older than Windows XP is 30% (I’d say for non-technical sites this is closer to 50%), and probably only half of the people having Windows XP have actually upgraded it to SP2…

    Of course the virus was only shown to people about every 30 pages, but if you browse around on a page you can reach that number quite quickly, and the same goes for people having the page as a startpage which loads it every time you open a new browser window.

    My estimate is that about 50% of the people using startpagina.nl have been infected with this virus now.

    Sad as it may be, maybe this will make people finally realize that keeping your OS up-to-date is really important, and moreover that Internet Explorer is a bug-ridden creature which leaves you vulnerable, even if you don’t visit dubious warez sites or something. A good alternative is of course Firefox :).

    ~Grauw

  2. By the way, Ilse is also the owner of the very popular Dutch search engine http://ilse.nl/ .

    Yep, whoever spread this virus is one nasty hacker. I think millions of people are affected.

  3. Popular news portal nu.nl (which we almost linked to in the Dutch Firefox translation, but we chose another news site instead) is also from the Ilse company.

    ~Grauw

Comments are closed.