compromised ad servers?

[David Farber <dave () farber net>]

I got piles and piles of that djf

Begin forwarded message:

From: Dave Wilson <dave () wilson net>
Date: August 25, 2005 6:59:40 PM EDT
To: dave () farber net
Subject: compromised ad servers?


I visited a mainstream Web site Wednesday and an infected ad server  
apparently pushed down a bit of malware, asdf.exe. The file was  
extremely small -- less than 1.6 K -- and appeared to be trying to  
install some more complex bit of malware, presumably a keylogger.  
What fascinated me was that this occured on a box with all standard  
security measures in place: Windows XP system (all critical patches  
installed)  using Mozilla Firefox 1.0.6 (latest version, "Allow Web  
sites to install software" unchecked) and running Norton Antivirus  
and Norton Firewall, also current and updated. Norton AV didn't even  
recognize this thing as malovolent; I noticed it after it was inside  
at c:\asdf.exe clawing frantically at my firewall trying to get back  
out.. Even more amusing, I didn't actually do anything: Didn't click  
on an advertisement, close a Windows, etc. One Web site that was  
apparently serving up infected ads was The Onion (London's Observer  
had a simlar problem last year). Because this malware is passed along  
through a compromised ad server, not every visitor will get hit,  
since the ads rotate each time the page is called up.

Anyway, I've contacted AV vendors, but I'm worried about how  
widespread this problem is. Google searchers turn up people puzzling  
similar incidents starting three weeks ago. I'm wondering if IPers  
can do a file search for "asdf.exe" and report back positive results?

Thanks

-dave




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/