Hackers Take Aim At Ad-Server NetworksHackers Take Aim At Ad-Server Networks
Attacks take advantage of unpatched flaw in Internet Explorer 6.0
November 24, 2004
As if phishing scams, spam, and run-of-the-mill virus attacks weren't doing enough to whittle away at the level of trust in E-business systems, hackers last week added a new target: banner advertising networks.
On Nov. 20, attackers infiltrated the ad-server network of German Internet marketing company Falk eSolutions AG. They compromised one of the company's servers, inserting code that caused some Web surfers who visited sites displaying Falk's banner ads to become infected by a Trojan horse located on other Web sites that opens their systems to attack. The hackers took advantage of a known but unpatched flaw in Internet Explorer 6.0, and Web surfers running that browser didn't have to click on the banner ad to get infected, says Joe Stewart, senior security researcher for security services firm LURHQ Corp. Systems running Internet Explorer 6.0 on Service Pack 2 aren't vulnerable.
"This was a very complicated attack and the first that targeted Internet ads this way," says Vincent Gullotto, VP of security-software vendor McAfee Inc.'s antivirus and vulnerability emergency-response team. More attacks against Internet-advertising networks could pose a threat to one of the advertising industry's fastest-growing revenue streams. Research firm eMarketer predicts online advertising spending will increase nearly 29% this year to $9.4 billion and grow another 21% in 2005.
"It's a sad day for ad-serving companies that didn't know how secure they needed to be. This could be lost revenue in a big way," says Pete Lindstrom, an analyst at Spire Security. Some of the largest U.S. online ad-serving companies say they've taken precautions. DoubleClick Inc. "has invested heavily to partner with provid- ers who offer best-of-breed security software and hardware which is constantly updated to evolve with more sophisticated attacks," the company said in a statement.
Microsoft will release a patch "when the development and testing process is complete, and the update is found to effectively correct the vulnerability," according to a company statement. Until then, security experts warn that copycat attacks are likely.
About the Author(s)
You May Also Like