Hackers Use Web Sites, Ads to Infect PCs
Posted on 11/24/2004 8:07:41 PM PST by crushelits
Hackers co-opted several popular Web sites including comedycentral.com over the weekend, using them to infect thousands of computers with a virus that can be used to steal passwords, bank accounts and other personal information.
Displaying an increasingly sophisticated approach to online theft, the hackers gained control of a German online advertising services firm and served up thousands of Internet ads designed to send visitors to one of several Web sites where the hackers had installed the virus.
Hackers also can use the virus to plant programs on victims' computers that send out spam, flood monitors with pop-up advertising or attack other Web sites, said security researchers who analyzed the code.
The virus started spreading late Friday when people using some versions of Microsoft's Internet Explorer Web browser visited sites containing the ads, computer security experts said. The ads directed computers to download the virus from several Web sites, including comedycentral.com.
It does not affect computers that contain the Service Pack 2 software upgrade that Microsoft released in August for Windows XP customers. So far, the upgrade has been downloaded approximately 130 million times, according to Microsoft. There are an estimated 200 million XP users worldwide.
(Excerpt) Read more at washingtonpost.com ...
I wonder if that was the same group of half-wits that zonked Free Dominion's web page.
Comedycentral.com huh? Ha ha.
Use a Mac
If not, at least download Firefox
I have SP2, which blocks the virus. But I also use Ad Muncher, which I warmly recommend. It's shareware, so you have to pay a little for it, but it's very effective at blocking popups and most banner ads. Since these are not downloaded, it also speeds up loading web pages with ads on them.
That's a load of crap.
Macs are not usually hacker targets because the install base is not as large as Windows PCs. This does not make them less vulnerable, just not as prone to attacks.
Give me a computer that does more than just display a sad face when something is wrong.
Windows computers are stable and offer a wider selection of software.
Mac "You can buy better, but you can't pay more!"
That's not an answer. Most of us wouldn't even consider using a Mac.
Is there a name to this virus or a link to an anti-virus site that is legitimate (Wash Post is not my idea of a tech site)? Does the article, which is not posted here in toto, contain the "virus" name?
Probably the Russian criminals at it again. A few months back there was another CC-harvesting virus going around off web pages; it was tracked to Russia, but as usual went no further. They made off with half a billion from various bank accounts and credit cards.
Nowadays it's not just hackers anymore; these are regular criminals in it just for the money, no longer the 'script kiddies' looking for bragging rights.
More details came to light Tuesday about the weekend attack that compromised a German Web advertising company's server and infected users who visited Web sites run by the firm's clients with the MyDoom/Bofra worm.
According to a statement released last Monday night by Falk eSolutions, the attack began early Saturday morning when an attacker managed to infiltrate the server and place code that redirected ad requests to a third-party site.
That site was http://search.comedycentral.com, which had also been compromised by the attacker. Neither Falk nor the SANS Institute's Internet Storm Center, which tracked and helped investigate the attack, has any idea when Comedy Central's site was cracked. As of mid-morning Tuesday, Comedy Central's search site was offline.
"It looks like Comedy Central and perhaps some other sites were compromised first, followed by Falk. Then, Falk's site was configured to redirect visitors to Comedy Central," said Marcus Sachs, the director of the Storm Center, in a statement.
Falk continued to play down the extent of the problem, saying potential redirects to the exploit code on the Comedy Central server were less than 2 percent of the ad requests from European client sites, and under 0.1 percent of those from U.S. clients during the six-hour span of the attack.
To some extent, Falk put the blame on Microsoft, whose Internet Explorer 6.0 browser was exploited by the attack when the redirected requests downloaded the MyDoom/Bofra worm instead of ads to PCs. The bug in IE, dubbed the IFRAME vulnerability, has not yet been patched.
"Users should consider using an alternate browser to Internet Explorer (such as Opera or Firefox) or upgrading their Microsoft operating system [to Windows XP SP2]," Falk said in its statement.
Falk also said that it considers the hack a criminal matter, and has notified local authorities in Germany.
Cuiusvis hominis est errare, nullius nisi insipientis in errore perseverare.
For those Freepers like GeronL afraid to upgrade to Service Pack 2, well if you don't the nasties get ya. And be sure to keep your anti-virus and firewall software up to date.
Time to disinfect. Not that I've visited any of the above-mentioned web sites, but it never hurts. I use what I call the freeware security suite: Spybot S&D, Ad-Aware, AVG, ZoneAlarm. By the way, Mozilla Firefox is great but it's not "spyware proof"; it does pick up less, but only a few less than my accessorized version of IE with Spybot S&D resident.
"...I use what I call the freeware security suite: Spybot S&D, Ad-Aware, AVG, ZoneAlarm. By the way, Mozilla Firefox is great but it's not "spyware proof"; it does pick up less, but only a few less than my accessorized version of IE with Spybot S&D resident."
SpywareBlaster is a good addition to the above...it has an immunization feature that tries to prevent adware/spyware infections in the first place (it is not resident)
By the way, there is a Java vulnerability that affects IE as well as Firefox. The new version is 1_4_2_06
(don't forget to remove the older version when done)
The fix, if and when these coconuts are caught: beheaded on video, televised on global TV. That'd put the fear of God in any other would-be hackers.
SpywareBlaster is free like the others, and apparently is related with those who designed SpyBot...SpyBot also has an immunization feature (which should also be run even if you have SpywareBlaster) and it notices if SpywareBlaster is on your PC, encouraging you to use it as well.
That is soooooo OS 9...
This bit of FUD is absolutely not true. A few months ago, a vulnerability was announced in a hardware firewall product. I forget which company made them, but could probably look it up if you really want to know. There was an estimated population of about 50000 or so of these devices on the entire internet. An attack was launched against the vulnerability a few days later. Within 5 or 6 hours of the attack starting, it is believed that every one of these firewalls that had not been patched was hacked by the worm.
Keep in mind that this type of target is not the low-hanging fruit of your average computer-illiterate Windows user.* The people using these things were at least savvy enough to know that they needed a hardware firewall product in addition to their cable modems, routers and whatever. Yet the entire community of these devices was hacked and breached within hours.
Using your logic, the attack would never have happened because the target was so terribly small when compared against most other popular targets on the internet.
The reason Macs and Linux/Unix systems aren't hacked as often as Windows machines is not merely the raw number of Windows users. The biggest factor in the equation is that Windows is so easy to subvert. Windows users can go quite a ways in protecting themselves from adware, spyware, and other stuff that has become so common just by using a different browser - any browser - other than Internet Explorer.
Also, even though Apache runs the vast majority of websites, it is still not the primary target of internet worms, viruses, and malware. That dubious honor goes to Microsoft's IIS product. Hmmm....
* I'm not saying that all Windows users are computer illiterate. It's just that the sheer number of them makes for a larger population of clueless users than just about any other operating system.
I normally don't have any problems with Netscape.
I paid the $10 for Ad Muncher and I've NEVER had a pop-up since. It's fantastic.
Actually, the Java 1.5 version is available in the developers area.
Then just keep that Spybot up to date!
"Happily surfing away!"