Free Republic

Hackers Use Web Sites, Ads to Infect PCs
washingtonpost.com ^ | Tuesday, November 23, 2004 | Brian Krebs

Posted on 11/24/2004 8:07:41 PM PST by crushelits

Hackers co-opted several popular Web sites including comedycentral.com over the weekend, using them to infect thousands of computers with a virus that can be used to steal passwords, bank accounts and other personal information.

Displaying an increasingly sophisticated approach to online theft, the hackers gained control of a German online advertising services firm and served up thousands of Internet ads designed to send visitors to one of several Web sites where the hackers had installed the virus.

Hackers also can use the virus to plant programs on victims' computers that send out spam, flood monitors with pop-up advertising or attack other Web sites, said security researchers who analyzed the code.

The virus started spreading late Friday when people using some versions of Microsoft's Internet Explorer Web browser visited sites containing the ads, computer security experts said. The ads directed computers to download the virus from several Web sites, including comedycentral.com.

It does not affect computers that contain the Service Pack 2 software upgrade that Microsoft released in August for Windows XP customers. So far, the upgrade has been downloaded approximately 130 million times, according to Microsoft. There are an estimated 200 million XP users worldwide. Continues...



(Excerpt) Read more at washingtonpost.com ...


TOPICS: Crime/Corruption
KEYWORDS: ads; comedycentral; hackers; infect; pcs; use; virus; websites

1 posted on 11/24/2004 8:07:41 PM PST by crushelits

To: crushelits

I wonder if that was the same group of half-wits that zonked Free Dominion's web page.


2 posted on 11/24/2004 8:09:32 PM PST by fastattacksailor (This tagline brought to you by Izzy Dunne's tagline virus!)

To: crushelits

Comedycentral.com huh? Ha ha.


3 posted on 11/24/2004 8:15:09 PM PST by MisterRepublican ("I must go. I must be elusive.")

To: crushelits

The answer:

Use a Mac

If not, at least download Firefox

http://www.mozilla.org

Problem solved.


4 posted on 11/24/2004 8:32:35 PM PST by macsmind76 (Macsmind.com - Conservative Commentary and Common Sense)

To: crushelits

I have SP2, which blocks the virus. But I also use Ad Muncher, which I warmly recommend. It's shareware, so you have to pay a little for it, but it's very effective at blocking popups and most banner ads. Since these are not downloaded, it also speeds up loading web pages with ads on them.


5 posted on 11/24/2004 8:39:37 PM PST by Cicero (Nil illegitemus carborundum est)

To: macsmind76

That's a load of crap.

Macs are not usually hacker targets because the install base is not as large as Windows PCs. This does not make them less vulnerable, just not as prone to attacks.

Give me a computer that does more than just display a sad face when something is wrong.

Windows computers are stable and offer a wider selection of software.

Mac "You can buy better, but you can't pay more!"


6 posted on 11/24/2004 8:51:08 PM PST by TSgt (Brunettes, Guns and FR: These are a few of my favorite things...)

To: macsmind76
The answer: Use a Mac

That's not an answer. Most of us wouldn't even consider using a Mac.

7 posted on 11/24/2004 8:54:36 PM PST by Jorge

To: WestCoastGal

FYI


8 posted on 11/24/2004 8:57:41 PM PST by ChefKeith (Life is GREAT with CoCo..........NASCAR...everything else is just a game!(Except War & Love))

To: crushelits

Is there a name to this virus or a link to an anti-virus site that is legitimate (Wash Post is not my idea of a tech site)? Does the article, which is not posted here in toto, contain the "virus" name?


9 posted on 11/24/2004 9:01:49 PM PST by steplock (http://www.outoftimeradio.org)

To: fastattacksailor

Probably the Russian criminals at it again. A few months back there was another CC harvesting virus going around off web pages; it was tracked to Russia, but as usual went no further. They made off with half a billion from various bank accounts and credit cards.

Nowadays it's not just hackers anymore; these are regular criminals in it just for the money, no longer the 'script kiddies' looking for bragging rights.


10 posted on 11/24/2004 9:06:20 PM PST by battousai (HM King Kerry's Royal Decree: Peasants cannot earn more than $200K per year!)

To: steplock
Source: TechWeb
Ad Banner Attack Involved Comedy Central
November 23, 2004
By Gregg Keizer

More details came to light Tuesday about the weekend attack that compromised a German Web advertising company's server and infected users who visited Web sites run by the firm's clients with the MyDoom/Bofra worm.

According to a statement released last Monday night by Falk eSolutions, the attack began early Saturday morning when an attacker managed to infiltrate the server and place code that redirected ad requests to a third-party site.

That site was http://search.comedycentral.com, which had also been compromised by the attacker. Neither Falk nor the SANS Institute's Internet Storm Center, which tracked and helped investigate the attack, have any idea when Comedy Central's site was cracked. As of mid-morning Tuesday, Comedy Central's search site was offline.

"It looks like Comedy Central and perhaps some other sites were compromised first, followed by Falk. Then, Falk's site was configured to redirect visitors to Comedy Central," said Marcus Sachs, the director of the Storm Center, in a statement.

Falk continued to play down the extent of the problem, saying potential redirects to the exploit code on the Comedy Central server were less than 2 percent of the ad requests from European client sites, and under 0.1 percent of those from U.S. clients during the six-hour span of the attack.

To some extent, Falk put the blame on Microsoft, whose Internet Explorer 6.0 browser was exploited by the attack when the redirected requests downloaded the MyDoom/Bofra worm instead of ads to PCs. The bug in IE, dubbed the IFRAME vulnerability, has not yet been patched.

"Users should consider using an alternate browser to Internet Explorer (such as Opera or Firefox) or upgrading their Microsoft operating system [to Windows XP SP2]," Falk said in its statement.

Falk also said that it considers the hack a criminal matter, and has notified local authorities in Germany.

11 posted on 11/24/2004 9:30:48 PM PST by Eagle9

To: Jorge
That's not an answer. Most of us wouldn't even consider using a Mac.

Cuiusvis hominis est errare, nullius nisi insipientis in errore perseverare.

12 posted on 11/24/2004 9:31:46 PM PST by solitas

To: crushelits

For those Freepers like GeronL afraid to upgrade to Service Pack 2, well if you don't the nasties get ya. And be sure to keep your anti-virus and firewall software up to date.


13 posted on 11/24/2004 9:33:16 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)

To: crushelits

Time to disinfect. Not that I've visited any of the above mentioned web sites, but it never hurts. I use what I call the freeware security suite: Spybot S&D, Ad-Aware, AVG, ZoneAlarm. By the way, Mozilla Firefox is great but it's not "spyware proof"; it does pick up less, but only a few less than my accessorized version of IE with Spybot S&D resident.


14 posted on 11/24/2004 9:48:39 PM PST by edchambers ("Neocon footsoldier of the Haliburton Death squad")

To: edchambers

"...I use what I call the freeware security suite: Spybot S&D, Ad-Aware, AVG, ZoneAlarm. By the way, Mozilla Firefox is great but it's not "spyware proof"; it does pick up less, but only a few less than my accessorized version of IE with Spybot S&D resident."

SpywareBlaster is a good addition to the above...it has an immunization feature that tries to prevent adware/spyware infections in the first place (it is not resident)
http://www.javacoolsoftware.com/spywareblaster.html

By the way, there is a Java vulnerability that affects IE as well as Firefox. The new version is 1_4_2_06
http://www.java.com/en/download/manual.jsp
(don't forget to remove the older version when done)


15 posted on 11/24/2004 10:06:35 PM PST by Tacos

To: crushelits

The fix, if and when these coconuts are caught: beheaded on video, televised on global TV. That'd put the fear of God in any other would-be hackers.


16 posted on 11/24/2004 10:07:42 PM PST by wdkeller

To: Tacos

SpywareBlaster is free like the others, and apparently is related with those who designed SpyBot...SpyBot also has an immunization feature (which should also be run even if you have SpywareBlaster) and it notices if SpywareBlaster is on your PC, encouraging you to use it as well.


17 posted on 11/24/2004 10:11:38 PM PST by Tacos

To: MikeWUSAF
Give me a computer that does more than just display a sad face when something is wrong

That is soooooo OS 9...

18 posted on 11/24/2004 10:34:38 PM PST by D-fendr

To: All
Help for viruses and malware:
 
 Ad-Aware ... Spybot ... Peper Uninstaller ... HijackThis... CWShredder ... Spyware Blaster ... IE Spyad ... Free online Virus scan ... AVG AntiVirus ... LSPfix ... How to Show Hidden Files ... How to boot into Safe Mode ... How did I get infected in the first place?


Things you need--(all FREE)
Anti-Virus
AVG Anti-Virus version 7 (free) release available...
 Avast
Firewall
Kerio(Direct Download) Zone Alarm
If you are using ZoneAlarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/, both have FREE and Pro versions and are heads above ZA.
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates

Things you want(Still Free)
 
 Get Firefox I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try.

Ad-Aware
Spybot S&D
SpywareBlaster
MS MVP Hosts file
Mike Lin's Homepage and get the Startup Control Panel and Startup Monitor tools.
 
The best forum for malware removal:
 http://forums.spywareinfo.com/index.php?s=262d844129208feb8b0cf5b0186a32f6&act=SC&c=4
SWI Forums--

19 posted on 11/25/2004 12:47:13 AM PST by backhoe (-30-)

To: MikeWUSAF
Macs are not usually hacker targets because the install base is not as large as Windows PCs. This does not make them less vulnerable, just not as prone to attacks.

This bit of FUD is absolutely not true. A few months ago, a vulnerability was announced in a hardware firewall product. I forget which company made them, but could probably look it up if you really want to know. There was an estimated population of about 50000 or so of these devices on the entire internet. An attack was launched against the vulnerability a few days later. Within 5 or 6 hours of the attack starting, it is believed that every one of these firewalls that had not been patched was hacked by the worm.

Keep in mind that this type of target is not the low-hanging fruit of your average computer illiterate windows user.* The people using these things were at least savvy enough to know that they needed a hardware firewall product in addition to their cable modems, routers and whatever. Yet the entire community of these devices was hacked and breached within hours.

Using your logic, the attack would never have happened because the target was so terribly small when compared against most other popular targets on the internet.

The reason MACs and Linux/Unix systems aren't hacked as often as windows machines is not merely the raw number of windows users. The biggest factor in the equation is that windows is so easy to subvert. Windows users can go quite a ways in protecting themselves from adware, spyware, and other stuff that has become so common just by using a different browser - any browser- other than Internet Explorer.

Also, even though Apache runs the vast majority of websites, it is still not the primary target of internet worms, viruses, and malware. That dubious honor goes to microsoft's IIS product. Hmmm....

* I'm not saying that all windows users are computer illiterate. It's just that the sheer number of them makes for a larger population of clueless users than just about any other operating system.

20 posted on 11/25/2004 7:58:37 AM PST by zeugma (Come to the Dark Side...... We have cookies!)

To: goldstategop
IE is weak and most spyware, Trojans, etc. are made to exploit these weaknesses.

I normally don't have any problems with Netscape.

21 posted on 11/25/2004 9:06:14 AM PST by crushelits

To: Tacos
I use:


22 posted on 11/25/2004 9:11:08 AM PST by crushelits

To: Cicero
But I also use Ad Muncher, which I warmly recommend.

I paid the $10 for Ad Muncher and I've NEVER had a pop-up since. It's fantastic.

23 posted on 11/25/2004 9:14:29 AM PST by ExtremeUnction

To: Tacos

Actually, the Java 1.5 version is available in the developers area.


24 posted on 11/25/2004 9:29:15 AM PST by FreedomPoster (hoplophobia is a mental aberration rather than a mere attitude)

To: Jorge

Then just keep that Spybot up to date!

"Happily surfing away!"


25 posted on 11/25/2004 10:57:37 AM PST by macsmind76 (Macsmind.com - Conservative Commentary and Common Sense)

To: zeugma
Agreed.

Windows is a "delight" to hack. With IE at the core (incidentally, no matter what anyone says, IE has NOT been significantly updated since version 5), it is chock-full of holes.

The point is Firefox is the way around this IF you MUST use Winblows.

OSX (287 days without a restart - Unix rocks)
26 posted on 11/25/2004 11:02:30 AM PST by macsmind76 (Macsmind.com - Conservative Commentary and Common Sense)

To: MikeWUSAF
"Macs are not usually hacker targets because the install base is not as large as Windows PCs. This does not make them less vulnerable, just not as prone to attacks."

No, there just aren't as many "holes" to get through the system, harder to hack, fewer viruses and worms.

"Give me a computer that does more than just display a sad face when something is wrong."

Hasn't done that since 1999. OS X - BSD Unix, rocks, unlike my XP. Much more stable, no question.

"Windows computers are stable and offer a wider selection of software."

I'll give you that on the software, why just this morning I removed 186 pieces of that off our windows nodes through spybot. Yep, there sure is a lot of it. Just about every major software works on both platforms, most of the other stuff is well, crap.
27 posted on 11/29/2004 1:35:11 PM PST by macsmind76 (Macsmind.com - Conservative Commentary and Common Sense)
