Tuesday, 11 September 2007

Banner Ad Trojan Served on MySpace, Photobucket

"Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users. Several banner ads containing Trojan horse programs that can compromise a user's computer have been running on some high-traffic Web sites for the past several weeks, including MySpace.com and Photobucket.com, Security Fix has learned.

According to Web security company ScanSafe it first spotted the tainted banner ads on Aug. 8, and estimates that the hostile ads ran several million times for the next three weeks. Other sites that ran the ads included Bebo.com, TheSun.co.uk, and UltimateGuitar.com, officials at ScanSafe said. All a visitor to one of these sites needed to do to infect their machines was to browse a page that featured the ads with a version of Internet Explorer that was not equipped with the latest security updates from Microsoft.

The banner ads in question were traced back to an ad network exchange run by a company called RightMedia, which was recently acquired by Yahoo!. The ads were being delivered to RightMedia's network from a third-party ad server. According to ScanSafe, those third-party servers included in their rotation several malicious ads that used Macromedia Flash files to load an invisible "iFrame" (used to insert content from another Web site into the current Web page).

The malicious iFrame in turn pulled down code that leveraged a security hole in Microsoft's Internet Explorer browser (a flaw Microsoft patched in February) to install a generic Trojan horse program.

Tools like the "noscript" add-on for Firefox can help users block powerful programming languages like Flash and Javascript from running automatically when a user visits a Web site. However, noscript may do little to prevent these types of attacks if the visitor has previously instructed "noscript" to trust the site permanently.

Another key takeaway here is the importance of Windows users keeping their systems up to date with the latest security patches, particularly those issued by Microsoft to plug holes in IE and other vital system components."
source: washington post

No comments: