Hackers Take Aim At Ad-Server Networks - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
11/24/2004
02:50 PM
50%
50%
RELATED EVENTS
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Hackers Take Aim At Ad-Server Networks

Attacks take advantage of unpatched flaw in Internet Explorer 6.0

As if phishing scams, spam, and run-of-the-mill virus attacks weren't doing enough to whittle away at the level of trust in E-business systems, hackers last week added a new target: banner advertising networks.

On Nov. 20, attackers infiltrated the ad-server network of German Internet marketing company Falk eSolutions AG. They compromised one of the company's servers, inserting code that caused some Web surfers who visited sites displaying Falk's banner ads to become infected by a Trojan horse located on other Web sites that opens their systems to attack. The hackers took advantage of a known but unpatched flaw in Internet Explorer 6.0, and Web surfers running that browser didn't have to click on the banner ad to get infected, says Joe Stewart, senior security researcher for security services firm LURHQ Corp. Systems running Internet Explorer 6.0 on Service Pack 2 aren't vulnerable.

"This was a very complicated attack and the first that targeted Internet ads this way," says Vincent Gullotto, VP of security-software vendor McAfee Inc.'s antivirus and vulnerability emergency-response team. More attacks against Internet-advertising networks could pose a threat to one of the advertising industry's fastest-growing revenue streams. Research firm eMarketer predicts online advertising spending will increase nearly 29% this year to $9.4 billion and grow another 21% in 2005.

"It's a sad day for ad-serving companies that didn't know how secure they needed to be. This could be lost revenue in a big way," says Pete Lindstrom, an analyst at Spire Security. Some of the largest U.S. online ad-serving companies say they've taken precautions. DoubleClick Inc. "has invested heavily to partner with provid- ers who offer best-of-breed security software and hardware which is constantly updated to evolve with more sophisticated attacks," the company said in a statement.

Microsoft will release a patch "when the development and testing process is complete, and the update is found to effectively correct the vulnerability," according to a company statement. Until then, security experts warn that copycat attacks are likely.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll