Slashdot Mirror


Worm Exploit Distributed by Advertising Network

Zocalo writes "Given that a lot of Slashdot readers also check The Register, it's important to note that their Internet advertising provider, Falk AG, was compromised by the BOFRA exploit yesterday. The Falk AG service has been suspended by The Register and a statement from Falk AG is due on Monday. The upshot is that if you visited the Register yesterday morning and use IE as your browser, then you probably need to run a full virus scan with up to date data files. Of course, those of us running other browsers and something like AdBlock have nothing to worry about. Again." You're OK for now if you're running SP2. There's also a good security writeup about the problem.

16 of 478 comments

  1. Hosts File by pollock · · Score: 5, Informative
    Yet another reason why it makes sense to use a hosts file with lines like:
    127.0.0.1 as1.falkag.de
    127.0.0.1 as2.falkag.de
    127.0.0.1 as3.falkag.de
    127.0.0.1 as4.falkag.de
    ....
    Check out http://someonewhocares.org/hosts for more.
    1. Re:Hosts File by Izago909 · · Score: 5, Informative

      127.0.0.1 is NOT the right address to use. Some scripts will delay loading or displaying a page until certain data has been downloaded. If your computer is waiting for itself to respond to itself, some pages will never be displayed... even after the browser times out. You should use 0.0.0.0 instead.

    2. Re:Hosts File by oexeo · · Score: 5, Funny

      > If your computer is waiting for itself to respond to itself, some pages will never be displayed

      Not in XP! In XP the chances are you already have a trojan-server running on 127.0.0.1:80 so it should respond instantly!

  2. Text-Ads by fembots · · Score: 5, Insightful

    Maybe site owners will start moving or demanding text-based ads (like Google's)?

  3. Re:AdBlock is unethical by Anonymous Coward · · Score: 5, Interesting

    I guess I should stop using Lynx then! It's unethical since I don't see images.

  4. Re:Wow by skids · · Score: 5, Insightful

    "Blame the sysadmins, blame the software, pity the customer."

    You left someone out: web developers as a whole, who have insisted on more and more complicated HTML extensions instead of just working with the rather powerful stuff they had at their disposal in the first place. These are the folks that make the "core functionality set" of any competitive browser so large that the software to support it is incredibly complex. That guarantees us a steady flow of bugs and exploits.

  5. Re:AdBlock is unethical by flossie · · Score: 5, Insightful
    > Even if AdBlock were responsible for preventing a user from getting a virus this time, that's hardly enough to make up for the theft of services and fraud that people who use it commit every day.

    Utter drivel. I suppose you think that it is "theft" to change the channel on the TV when adverts come on, as well. Is it also "theft" to turn the page of a magazine without looking at the adverts on it? As far as I am concerned, advertising is a form of pollution. It reduces the visual beauty of the environment and I don't want to see it.

  6. Re:AdBlock is unethical by Famatra · · Score: 5, Insightful

    "Extensions and programs like AdBlock are tantamount to theft; you are acquiring the content but not "paying" for it by loading the advertisements."

    Um, it is clearly *your* problem if your website's cash flow relies on wasting my bandwidth with advertisements.

    Your supposed 'right' to profit does not extend to the point where I have to bend my life around your profit model. Thanks.

  7. Re:No one is safe... by arminw · · Score: 5, Insightful

    ... but if you are on the net, you aren't safe...

    Unless you are a Mac user that is. Every time there is anything in the news or /. about another piece of malware, there is always the refrain: "Does not affect Mac users". Unless you are running some proprietary vertical app, why still suffer Windows? What computing JOB can be done in Windows that can't be done as well or better by a Mac or Linux?

    --
    All theory is gray
  8. Re:Wow by KonijnenBunny · · Score: 5, Informative

    Dutch news-site (with a fairly large, non-techie audience) nu.nl was affected as well, a large warning was put up Saturday.
    The warning (sorry, Dutch only) mentioned that until Sunday afternoon, they received 1300 requests for help from possibly-affected visitors.

    As far as accountability goes, it was nice to see the publisher, Ilse Media, put up a clear FAQ and even a special-purpose contact-form to accommodate for their not-web-savvy users.
    They also mentioned further statements from Falk AG were forthcoming Monday 22nd.

    Using an alternative browser, with AdBlock installed, I wasn't affected myself...

  9. Viral Marketing by Valen0 · · Score: 5, Funny

    This worm gives new meaning to the term "viral marketing"...

    --
    -Valen
  10. Re:No one is safe... by Izago909 · · Score: 5, Funny
    > What computing JOB can be done in Windows that can't be done as well or better by a Mac or Linux?

    I've got a couple ideas: Professional gamer or spyware/virus tester.
  11. 0.0.0.0 Hosts File by pollock · · Score: 5, Informative

    In that case, feel free to use this version that uses "0.0.0.0" instead.
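
The hosts-file change discussed in the comments above (block entries pointed at 0.0.0.0 rather than 127.0.0.1), as an added example that is not part of any poster's comment. The function name, the loopback-name set and the sample file are assumptions made for illustration; the falkag.de host names are the ones listed in the thread.

```python
# Added example: move hosts-file block entries from 127.0.0.1 to 0.0.0.0.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}  # assumed: names that must stay on loopback
SINK = "0.0.0.0"

def rewrite_hosts(text, extra_blocks=()):
    """Return hosts text with every block entry pointed at SINK, one name per line.

    Names in extra_blocks are appended if the file does not block them yet.
    Trailing comments on lines that get rewritten are dropped.
    """
    out, seen = [], set()

    def emit(name):
        if name.lower() not in seen:        # skip duplicates, case-insensitively
            seen.add(name.lower())
            out.append(f"{SINK} {name}")

    for line in text.splitlines():
        fields = line.partition("#")[0].split()
        if not fields or fields[0] not in ("127.0.0.1", SINK):
            out.append(line)                # blank, comment, or unrelated mapping
            continue
        addr, names = fields[0], fields[1:]
        keep = [n for n in names if addr != SINK and n.lower() in LOOPBACK_NAMES]
        block = [n for n in names if n not in keep]
        if not block:
            out.append(line)                # pure loopback line: leave untouched
            continue
        if keep:
            out.append("127.0.0.1 " + " ".join(keep))
        for name in block:
            emit(name)
    for name in extra_blocks:
        emit(name)
    return "\n".join(out) + "\n"

# Constructed sample input, not a real machine's hosts file.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 as1.falkag.de
127.0.0.1 as2.falkag.de as1.falkag.de
192.0.2.10 intranet.example
"""

if __name__ == "__main__":
    print(rewrite_hosts(SAMPLE, ["as3.falkag.de", "as4.falkag.de"]), end="")
```

Running the function on its own output returns the same text, so it can be applied repeatedly to a hosts file that already mixes both styles.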

  12. Re:LOL by prandal · · Score: 5, Informative

    The latest version for many users is IE 6 SP1, which is vulnerable. Not everybody has XP, and even a lot of XP users still don't have SP2 (you try downloading it over a dialup line sometime).

  13. Pity the write up is incorrect. by MattInFinland · · Score: 5, Informative

    The write up for the attack is incorrect. The correct sequence of events is at http://www.finlandforum.org/bb/viewtopic.php?t=7685. I know because I noticed it at The Register first and contacted Falk AG. Thanks for the acknowledgement too Slashdot, NOT.

  14. Re:Wow by mrseth · · Score: 5, Insightful

    "Oh, and the same blocking could be done with a Windows web-proxy server. You don't need Linux, unless you aren't smart enough to figure out how to work Windows."

    I do believe you have this precisely backwards. By the way, please note that if people used Linux or OS-X, we would not *need* to block all this shit in the first place.

    "They don't need to. You click a button, and it keeps you up to date. Someone with automatic update wouldn't even need to know what SP2 is, but they would be up to date."

    Can you point me to the patch for Win2k then? Thanks.

    "And they wouldn't have to spend hours trying to figure out how to upgrade their OS like they do with Linux."

    Never heard of apt, yum, urpmi, or up2date? And as a bonus for Linux users, we do not have to reboot either, save for a kernel update.

    Windows is for those with more money than sense.