Hackers Use 24/7 Server to Reproduce Legitimate Sites with Attack Ads

Hackers have compromised a server run by 24/7 Real Media, an online advertising company, and used it to seed legitimate sites with ads carrying attack code that targets their visitors, Symantec Corp. said on October 19, 2007.

The attack abuses a vulnerability in an ActiveX browser helper object. This helper object enables RealPlayer to guide users who run into technical difficulties. That means a system must be running Internet Explorer to be affected by the attack, Symantec explained. It is the first instance of malware taking advantage of online ads served by a major advertising company.

In September 2007, it became public that Yahoo-owned RightMedia had served around 12 million ads over three weeks. These ads quietly planted a Trojan backdoor on unpatched Windows systems.

Windows users who visited sites carrying the attack code ads were infected if they used Microsoft's Internet Explorer browser and had RealPlayer media player software installed on their computers.

The attacking ads that 247realmedia.com served had the exploit code embedded in the ads themselves, Symantec wrote in a note prepared for its 'DeepSight threat management system'. PCWorld reported it on October 20, 2007. The exploit Web page was reached through an iframe already embedded in the advertisements.

An iframe is an HTML element that lets developers embed a second page within the Web page already on display. Malware creators often favor iframes because they can shrink those additional pages to as little as one pixel, so that they become almost invisible.
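As an added illustration (not code from Symantec or the original article), the following Python example flags the near-invisible iframes described above in a piece of ad markup. The 2-pixel threshold, the function names and the sample HTML with its example.test hosts are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

MAX_PX = 2  # assumption: frames of 2 pixels or less count as effectively invisible

def _px(value):  # '1' or '1px' -> int; None for %, em or missing values
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

def _style_map(style):  # inline style string -> {property: value}
    pairs = (d.split(":", 1) for d in (style or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenIframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, reason) tuples

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = dict(attrs)
        css = _style_map(a.get("style"))
        # Inline CSS overrides the width/height attributes, so it wins here too.
        w = _px(css.get("width")) if "width" in css else _px(a.get("width"))
        h = _px(css.get("height")) if "height" in css else _px(a.get("height"))
        reason = None
        if css.get("display") == "none" or css.get("visibility") == "hidden":
            reason = "hidden by CSS"
        elif (w is not None and w <= MAX_PX) or (h is not None and h <= MAX_PX):
            reason = f"rendered at {w}x{h}"
        if reason:
            self.findings.append((a.get("src"), reason))

def find_hidden_iframes(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample ad markup; the example.test hosts are placeholders.
SAMPLE = """
<div class="ad"><img src="banner.gif" width="468" height="60">
<iframe src="http://ads.example.test/a" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://cdn.example.test/b" style="width:0px; height:0px"></iframe>
<iframe src="http://video.example.test/player" width="640" height="360"></iframe>
<IFRAME SRC="http://x.example.test/c" STYLE="display:none"></IFRAME></div>
"""
if __name__ == "__main__":
    print(*find_hidden_iframes(SAMPLE), sep="\n")
```

This only inspects static markup; frames sized by external stylesheets or injected by script need a rendered-DOM check instead.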

According to Symantec, the flaw has no effect on Firefox, as it does not use an ActiveX component. The security company points out that this is not the first flaw reported in the ierpplug.dll component. In December last year, a researcher successfully exploited the same component to cause a Denial-of-Service (DoS) condition.

US-CERT advises Windows users to deactivate ActiveX controls until a patch is ready. Symantec said advanced users could set a 'kill bit' in the Windows registry to prevent the ActiveX control from running.


» SPAMfighter News - 11/6/2007
