Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Exploit Distributed by Advertising Network

Posted by michael on from the you-thought-you-were-safe dept.

Zocalo writes "Given that a lot of Slashdot readers also check The Register, it's important to note that their Internet advertising provider, Falk AG, was compromised by the BOFRA exploit yesterday. The Falk AG service has been suspended by The Register and a statement from Falk AG is due on Monday. The upshot is that if you visited the Register yesterday morning and use IE as your browser, then you probably need to run a full virus scan with up to date data files. Of course, those of us running other browsers and something like AdBlock have nothing to worry about. Again." You're OK for now if you're running SP2. There's also a good security writeup about the problem.

6 of 478 comments (clear)

  1. Hosts File by pollock · · Score: 5, Informative
    Yet another reason why it makes sense to use a hosts file with lines like:
    127.0.0.1 as1.falkag.de
    127.0.0.1 as2.falkag.de
    127.0.0.1 as3.falkag.de
    127.0.0.1 as4.falkag.de
    ....
    Check out http://someonewhocares.org/hosts for more.
    1. Re:Hosts File by Izago909 · · Score: 5, Informative

      127.0.0.1 is NOT the right address to use. Some scripts will delay loading or displaying a page until certian data has been downloaded. If your computer is waiting for itself to respond to itself, some pages will never be displayed... even after the browser times out. You should use 0.0.0.0 instead.

  2. Re:Wow by KonijnenBunny · · Score: 5, Informative

    Dutch news-site (with a fairly large, non-techie audience) nu.nl was affected as well, a large warning was put up Saturday.
    The warning (sorry, dutch only) mentioned that until Sunday afternoon, they received 1300 requests for help from possibly-affected visitors.

    As far as accountability goes, it was nice to see the publisher, Ilse Media, put up a clear FAQ and even a special-purpose contact-form to accomodate for their not-web-savvy users.
    They also mentioned further statements from Falk AG were forthcoming Monday 22nd.

    Using an alternative browser, with AdBlock installed, I wasn't affected myself...

  3. 0.0.0.0 Hosts File by pollock · · Score: 5, Informative

    In that case, feel free to use this version that uses "0.0.0.0" instead.

  4. Re:LOL by prandal · · Score: 5, Informative

    The latest version for many users is IE 6 SP1, which is vulnerable. Not everybody has XP, and even a lot of XP users still don't have SP2 (you try downloading it over a dialup line sometime).

  5. Pity the write up is incorrect. by MattInFinland · · Score: 5, Informative

    The write up for the attack is incorrect. The correct sequence of events is at http://www.finlandforum.org/bb/viewtopic.php?t=768 5. I know because I noticed it at The Register first and contacted Falk AG. Thanks for the aknowledgement too Slashdot, NOT.