Software // Enterprise Applications
News
11/24/2004
02:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Hackers Take Aim At Ad-Server Networks

Attacks take advantage of unpatched flaw in Internet Explorer 6.0

As if phishing scams, spam, and run-of-the-mill virus attacks weren't doing enough to whittle away at the level of trust in E-business systems, hackers last week added a new target: banner advertising networks.

On Nov. 20, attackers infiltrated the ad-server network of German Internet marketing company Falk eSolutions AG. They compromised one of the company's servers, inserting code that caused some Web surfers who visited sites displaying Falk's banner ads to become infected by a Trojan horse located on other Web sites that opens their systems to attack. The hackers took advantage of a known but unpatched flaw in Internet Explorer 6.0, and Web surfers running that browser didn't have to click on the banner ad to get infected, says Joe Stewart, senior security researcher for security services firm LURHQ Corp. Systems running Internet Explorer 6.0 on Service Pack 2 aren't vulnerable.

"This was a very complicated attack and the first that targeted Internet ads this way," says Vincent Gullotto, VP of security-software vendor McAfee Inc.'s antivirus and vulnerability emergency-response team. More attacks against Internet-advertising networks could pose a threat to one of the advertising industry's fastest-growing revenue streams. Research firm eMarketer predicts online advertising spending will increase nearly 29% this year to $9.4 billion and grow another 21% in 2005.

"It's a sad day for ad-serving companies that didn't know how secure they needed to be. This could be lost revenue in a big way," says Pete Lindstrom, an analyst at Spire Security. Some of the largest U.S. online ad-serving companies say they've taken precautions. DoubleClick Inc. "has invested heavily to partner with provid- ers who offer best-of-breed security software and hardware which is constantly updated to evolve with more sophisticated attacks," the company said in a statement.

Microsoft will release a patch "when the development and testing process is complete, and the update is found to effectively correct the vulnerability," according to a company statement. Until then, security experts warn that copycat attacks are likely.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.