A hacked server in Germany fed malicious code to unsuspecting Internet Explorer users at an unknown number of Web sites for several hours over the weekend, a banner ad-serving company acknowledged Monday.

The affected Web sites included trusted sites in the U.K., the Netherlands, and Sweden, according to the Internet Storm Center of the SANS Institute. Users who visited one of the impacted sites stood a 1-in-30 chance of being infected with a worm that exploits the still-unpatched IFRAME vulnerability in Microsoft's Internet Explorer 6.0.

Recent versions of the MyDoom worm have exploited the IFRAME vulnerability, as has the Bofra worm, the name given to the threat by security firms that believe the exploit is dissimilar to MyDoom. Whatever the name, the IFRAME exploit can let hackers grab control of infected PCs.

The sequence of events went like this. Early Saturday morning in Germany, a load-balancing server run by Falk eSolutions AG was hacked. Load-balancing servers sit in front of the actual delivery servers and parcel out ad requests made by Web sites to equalize workloads.

For over six hours, from 5:10 to 11:30 a.m., GMT (12:10 to 6:30 a.m., EST), a virus was "inadvertently redistributed to a small number of users," Falk said in a statement. The hack caused user requests for banner ads -- such requests are invisibly sent by browsers whenever they hit a site with ads -- to be redirected from the ad servers to a compromised site. That site, in turn, delivered a Bofra worm to the target computer.

The link for this article located at securitypipeline.com is no longer available.