Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Exploit Distributed by Advertising Network

Posted by michael on from the you-thought-you-were-safe dept.

Zocalo writes "Given that a lot of Slashdot readers also check The Register, it's important to note that their Internet advertising provider, Falk AG, was compromised by the BOFRA exploit yesterday. The Falk AG service has been suspended by The Register and a statement from Falk AG is due on Monday. The upshot is that if you visited the Register yesterday morning and use IE as your browser, then you probably need to run a full virus scan with up to date data files. Of course, those of us running other browsers and something like AdBlock have nothing to worry about. Again." You're OK for now if you're running SP2. There's also a good security writeup about the problem.

7 of 478 comments (clear)

  1. No one is safe... by jarich · · Score: 4, Interesting
    I once stumbled across a spyware installation program (about a year ago) that was launched by a site counter! Some poor person had put the counter into their web site because they wanted a free counter. Everyone who visited got spyware installed... everyone using IE with default security settings, that is.

    Sad thing was the company was based in the Netherlands so it wasn't even worth pursuing legally... but if you are on the net, you aren't safe. MS products are more insecure, but you should always take steps to protect yourself, like keep the OS and applications up to date, etc etc

    --
    Agile Artisans
    1. Re:No one is safe... by linguae · · Score: 4, Interesting

      I would love to switch every Windows user that I know to Linux, *BSD, or (if they're in the market for a new computer) Mac OS X. However, there are a few reasons why many people are still using Windows, and will stick with it for about another two years or so:

      1. I don't want to learn (insert new OS here)
      2. But I need (insert some proprietary app here)
      3. But would (this exotic piece of hardware) work on (this new OS)
      4. What's an OS? Why's security important? (insert typical questions asked by computer illiterates)

      Even so, things are getting brighter for these alternate OSes every day. The graphical environments for *nix are getting easier to use with every new release of KDE and GNOME. In fact, if I switched my parents and siblings to *nix tomorrow, they might feel comfortable (provided that I set everything up, that is). Many Windows users are now starting to see the benefits of Open Source software (through OSS projects such as Mozilla Firefox and OpenOffice), and they will feel more comfortable once they make the switch. Hardware support for *nix is getting improved by the day, and more manufacturers are starting to take a look at *nix compatibility. On the Mac side of things, more people are getting exposed to Apple products (through the iPod) and are learning about the virtues of having a Mac.

      Finally, security is starting to become much more important to comptuer users, even the Joe Average type, these days. It used to be that the Internet was a reasonably nice place to go to to find information and to communicate. Now, it is infested with commerical advertising, popups, insecure "portals" to the Internet (*cough Internet Exploiter* cough), and malware. Stuff that we never would have guessed that would happen about a decade (or even five years) ago, such as phishing and worms activated by just browsing a web page, are happening now. More people are becoming aware about the dangers of viruses, worms, spyware, adware, and the other crap that happens on the Windows platform daily. More people are starting to learn about alternate browsers such as Firefox and Opera. Some people are now finally setting up firewalls and anti-malware applications so that way they would be safer from the dangers of the Internet. Some are even planning the switch to a Mac, *nix, or another alternative.

      I believe with the current landscape of computing, the Windows hegemony will last another two to three years. I feel with all of the improvements that *nix and OS X are making each and every day, the computing environment will be pretty interesting in the years to come....

  2. Re:AdBlock is unethical by Anonymous Coward · · Score: 5, Interesting

    I guess I should stop using Lynx then! It's unethical since I don't see images.

  3. Re:Text-Ads by NoMercy · · Score: 4, Interesting

    Strange comment now google now does picture adverts, admitidly there not very common to spot but they are out there, quite a few google image adverts pop up on a forum I frequent.

  4. It's not the first time.. by Dynamoo · · Score: 4, Interesting

    It's not the first time this has happened either, see this article relating to an incident that happened back in September with Falk AG.

    --
    Never email donotemail@WeAreSpammers.com
  5. Re:AdBlock is unethical by BenjyD · · Score: 4, Interesting

    It's not quite so clear cut as that, though. As I see it:

    For adverts:
    - Running a web site costs money. The guys running it might even want to make a living
    - hiring good writers is expensive
    - Advertising money is a proven revenue source for media outlets
    - subscription sites don't seem to be a popular option

    but, against that:
    - The adverts many sites run are overly intrusive and bandwidth-intensive
    - people who block adverts probably aren't the kind of people who are going to take notice of them anyway
    - just cramming more and more adverts down the throats of consumers is not a sustainable policy: evevntually, everybody will block them because it's impossible to read anything on the web otherwise.

    But, sites have to be paid for somehow. Do you have any suggestions of alternative profit models for web sites?

    Penny-arcade seems to get by well enough on its merchandise, advertising, freelance art work etc revenue, for example. I'm not sure how well that scales to smaller sites, though.

  6. Buffer overlow protections? by Deorus · · Score: 4, Interesting

    Last time I read about the Microsoft's buffer overflow protection implementation in Windows PX Service Pack 2, they were talking about the NX bit present in page entries when the PAE mode was active in AMD x86-64 processors. Even though that protection exists in the new AMD x86-64 processors' MMUs, Intel P4 as well as older AMD processors do not yet support that bit, which means that processes running over them do not get any page-based protection against code execution, even while running SP2.

    However I see many people trusting their lives on SP2's protection even without processor support, and I don't see Microsoft willing to clarify this issue either, so I'm starting to believe that probably there is something else that I am not aware of in SP2 which simulates the same kind of protection on processors without hardware support.

    Is SP2 really protecting against stack smashing (for example) on processors without hardware support for non-executable pages? Or is it just general ignorance that Microsoft exploits for their own profit?