Hackers Use Web Sites, Ads to Infect PCs

By Brian Krebs
washingtonpost.com Staff Writer
Tuesday, November 23, 2004; 4:18 PM

Hackers co-opted several popular Web sites including comedycentral.com over the weekend, using them to infect thousands of computers with a virus that can be used to steal passwords, bank accounts and other personal information.

Displaying an increasingly sophisticated approach to online theft, the hackers gained control of a German online advertising services firm and served up thousands of Internet ads designed to send visitors to one of several Web sites where the hackers had installed the virus.

Hackers also can use the virus to plant programs on victims' computers that send out spam, flood monitors with pop-up advertising or attack other Web sites, said security researchers who analyzed the code.

The virus started spreading late Friday when people using some versions of Microsoft's Internet Explorer Web browser visited sites containing the ads, computer security experts said. The ads directed computers to download the virus from several Web sites, including comedycentral.com.

It does not affect computers that contain the Service Pack 2 software upgrade that Microsoft released in August for Windows XP customers. So far, the upgrade has been downloaded approximately 130 million times, according to Microsoft. There are an estimated 200 million XP users worldwide.

Customers using older Windows versions should update their anti-virus software, stay away from unfamiliar Web sites and set their browser security level to "high," said Stephen Toulouse, security program manager at Microsoft.

Sites that ran the poisoned ads included TheRegister.co.uk, a technology news publication, and Ilse.nl, one of the largest Internet companies in the Netherlands.

The ads were managed by Falk Solutions AG, a German company that handles online advertising for Web sites such as Sony Pictures Digital, NBC Universal Television Networks and A&E Television Networks.

Slightly more than 2 percent of the ads served during a six-hour period on Saturday contained the malicious computer code, according to a statement released by Falk. The company said the attackers reconfigured Falk's ad servers so that one in every 30 banner ads that ran on its clients' sites would redirect visitors to the Web sites hosting the virus.

None of the media companies that Falk serves responded to requests for comment.

© 2004 TechNews.com