Hackers Take Aim At Ad-Server Networks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Hackers Take Aim At Ad-Server Networks

Attacks take advantage of unpatched flaw in Internet Explorer 6.0

As if phishing scams, spam, and run-of-the-mill virus attacks weren't doing enough to whittle away at the level of trust in E-business systems, hackers last week added a new target: banner advertising networks.

On Nov. 20, attackers infiltrated the ad-server network of German Internet marketing company Falk eSolutions AG. They compromised one of the company's servers, inserting code that caused some Web surfers who visited sites displaying Falk's banner ads to become infected by a Trojan horse located on other Web sites that opens their systems to attack. The hackers took advantage of a known but unpatched flaw in Internet Explorer 6.0, and Web surfers running that browser didn't have to click on the banner ad to get infected, says Joe Stewart, senior security researcher for security services firm LURHQ Corp. Systems running Internet Explorer 6.0 on Service Pack 2 aren't vulnerable.

"This was a very complicated attack and the first that targeted Internet ads this way," says Vincent Gullotto, VP of security-software vendor McAfee Inc.'s antivirus and vulnerability emergency-response team. More attacks against Internet-advertising networks could pose a threat to one of the advertising industry's fastest-growing revenue streams. Research firm eMarketer predicts online advertising spending will increase nearly 29% this year to $9.4 billion and grow another 21% in 2005.

"It's a sad day for ad-serving companies that didn't know how secure they needed to be. This could be lost revenue in a big way," says Pete Lindstrom, an analyst at Spire Security. Some of the largest U.S. online ad-serving companies say they've taken precautions. DoubleClick Inc. "has invested heavily to partner with provid- ers who offer best-of-breed security software and hardware which is constantly updated to evolve with more sophisticated attacks," the company said in a statement.

Microsoft will release a patch "when the development and testing process is complete, and the update is found to effectively correct the vulnerability," according to a company statement. Until then, security experts warn that copycat attacks are likely.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
News
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Commentary
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll