
[IP] compromised ad servers?



I got piles and piles of that djf

Begin forwarded message:

From: Dave Wilson <dave@xxxxxxxxxx>
Date: August 25, 2005 6:59:40 PM EDT
To: dave@xxxxxxxxxx
Subject: compromised ad servers?


I visited a mainstream Web site Wednesday and an infected ad server apparently pushed down a bit of malware, asdf.exe. The file was extremely small -- less than 1.6 K -- and appeared to be trying to install some more complex bit of malware, presumably a keylogger. What fascinated me was that this occurred on a box with all standard security measures in place: Windows XP system (all critical patches installed) using Mozilla Firefox 1.0.6 (latest version, "Allow Web sites to install software" unchecked) and running Norton Antivirus and Norton Firewall, also current and updated. Norton AV didn't even recognize this thing as malevolent; I noticed it after it was inside at c:\asdf.exe clawing frantically at my firewall trying to get back out. Even more amusing, I didn't actually do anything: Didn't click on an advertisement, close a window, etc. One Web site that was apparently serving up infected ads was The Onion (London's Observer had a similar problem last year). Because this malware is passed along through a compromised ad server, not every visitor will get hit, since the ads rotate each time the page is called up.

Anyway, I've contacted AV vendors, but I'm worried about how widespread this problem is. Google searches turn up people puzzling over similar incidents starting three weeks ago. I'm wondering if IPers can do a file search for "asdf.exe" and report back positive results?

Thanks

-dave





Archives at: http://www.interesting-people.org/archives/interesting-people/