Interesting People mailing list archives
more on Bofra exploit hits The Register ad serving supplier
From: David Farber <dave () farber net>
Date: Wed, 24 Nov 2004 09:44:35 -0500
Begin forwarded message: From: Peter Lowe <pgl () yoyo org> Date: November 23, 2004 8:28:55 PM EST To: David Farber <dave () farber net> Cc: Ip <ip () v2 listbox com> Subject: Re: [IP] Bofra exploit hits The Register ad serving supplier [ For IP, if you like. ] The Register also have a notice up about ad service being restored: http://www.theregister.co.uk/2004/11/23/register_restores_adserver/ Register restores ad service By Team Register Published Tuesday 23rd November 2004 09:24 GMT Site Notice On Saturday, The Register suspended service by third party ad serving supplier, Falk, following security issues detailed [1]here. Today we have restored the service, after satisfying ourselves that this problem is fixed. Falk's statement on what went wrong is [2]here. Our thanks for all your emails. We appreciate the kind words and note the performance issues that many of you raise. We will be seeking to address this in coming weeks. At a rough guess, the number of Reg readers exposed to the Bofra /IFrame exploit was in the low hundreds. We have no means of estimating how many of these were protected by firewalls or anti-virus software protection. During the period Falk's service was compromised - between 6.10am and 12.30pm on Saturday, 11660 unique individuals using Windows and IE6 visited The Register. We haven't drilled down the different flavours of Windows, but we assume that the majority were not on Windows XP SP2 boxes. Reader with Windows XP SP2 are protected from the Bofra /IFrame exploit, along with the rest of the non-Windows world. On average readers looked at three pages a pop. So that's around 35,000 pages in which the rogue ad could have been served. According to Falk, one in 30 requests for a banner ad were redirects to the site containing the bofra worm. If this is correct around 1,170 rogue ads were served on our site. We apologise again for exposing readers to this. We also urge readers using IE on Windows to switch browsers, at least until the iFrame exploit is patched properly. Here is advice from McAfee on removing the Bofra worm. Ž [1]http://www.theregister.co.uk/2004/11/21/register_adserver_attack/ [2]http://www.falkag.com/news.php?Id=26[3]http://us.mcafee.com/virusInfo/default.asp? id=description&virus_k=129629
On Nov 23, David Farber wrote:
Begin forwarded message: From: Monty Solomon <monty () roscom com> Date: November 23, 2004 9:20:27 AM EST To: undisclosed-recipient:; Subject: Bofra exploit hits The Register ad serving supplier http://www.theregister.co.uk/2004/11/21/register_adserver_attack/ Bofra exploit hits our ad serving supplier By Team Register Published Sunday 21st November 2004 16:18 GMT Important notice Early on Saturday morning some banner advertising served for The Register by third party ad serving company Falk AG became infected with the Bofra/IFrame exploit. The Register suspended ad serving by this company on discovery of the problem. Bofra/IFrame is a currently unpatched exploit which affects Internet Explorer 6.0 on all Windows platforms bar Windows XP SP2. If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue. We have asked Falk for an explanation and for further details of the incident, and pending this we do not intend to restart ad-serving via the company. Falk will, we understand, be making a statement regarding the matter on Monday. Although the matter was beyond our direct control, we do not regard it as acceptable for any Register reader to be exposed in this way, and wish to apologise sincerely to anyone who was. Further information about this particular exploit is available here or here. http://www.theregister.co.uk/2004/11/04/ie_iframe_vuln/ http://www.theregister.co.uk/2004/11/10/bofra_worm/ ------------------------------------- You are subscribed as pgl () yoyo org To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting-people/
-- The Czech Republic: Home of the world's finest beer. Litres drunk by Czechs so far this year: 1,474,727,606.49 - http://prague.tv/toys/beer/ ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Bofra exploit hits The Register ad serving supplier David Farber (Nov 24)