Hackers Target IE through Ad Networks

By | November 22, 2004

During the course of this weekend, hackers found an ingenious way to attack Microsoft’s ubiquitous Internet Explorer: compromise an ad network’s servers.

These days banner ads are as common as, well, webpages. Some of the larger networks serve up over 5 billion ads per month.

During a 12-hour window over the weekend, hackers broke into a load balancing server that handles ad deliveries for Germany´s Falk eSolutions and successfully loaded exploit code on banner advertising served on hundreds of Web sites.

“Users visiting Web sites that carry banner advertising delivered by our system were periodically delivered a file from the compromised site. This file tries to execute the IE-Exploit function on the users´ computer,” Falk eSolutions confirmed Monday.

The exploit is based on a known vulnerability reported in IE earlier this month, when a MyDoom variant took advantage of it.

The flaw, which does not affect IE users running Windows XP Service Pack 2 (SP2), has not yet been patched.

In a brief note posted Monday, Falk said a virus found on its European network was “inadvertently redistributed” to a small number of users (calculated under 2 percent).

“As of 11:30 a.m. EST, the virus was removed from all Falk European and U.S. networks, and normal ad delivery was restored,” the company said.

Leave a Reply