The ubiquitous banner ad has become the latest delivery mechanism for exploit code targeting a known flaw in Microsoft Corp.'s Internet Explorer browser. During a 12-hour window over the weekend, hackers broke into a load balancing server that handles ad deliveries for Germany's Falk eSolutions and successfully loaded exploit code on banner advertising served on hundreds of Web sites.
"Users visiting Web sites that carry banner advertising delivered by our system were periodically delivered a file from the compromised site. This file tries to execute the IE-Exploit function on the users' computer," Falk eSolutions confirmed Monday. The exploit (Bofra/IFrame) takes advantage of an IE vulnerability discovered and reported to Microsoft earlier this month. It is a variant of the MyDoom virus that launched zero-day attacks on vulnerable IE users two weeks ago.
News source: eWeek