Hackers Take Aim At Ad-Server Networks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Hackers Take Aim At Ad-Server Networks

Attacks take advantage of unpatched flaw in Internet Explorer 6.0

As if phishing scams, spam, and run-of-the-mill virus attacks weren't doing enough to whittle away at the level of trust in E-business systems, hackers last week added a new target: banner advertising networks.

On Nov. 20, attackers infiltrated the ad-server network of German Internet marketing company Falk eSolutions AG. They compromised one of the company's servers, inserting code that caused some Web surfers who visited sites displaying Falk's banner ads to become infected by a Trojan horse located on other Web sites that opens their systems to attack. The hackers took advantage of a known but unpatched flaw in Internet Explorer 6.0, and Web surfers running that browser didn't have to click on the banner ad to get infected, says Joe Stewart, senior security researcher for security services firm LURHQ Corp. Systems running Internet Explorer 6.0 on Service Pack 2 aren't vulnerable.

"This was a very complicated attack and the first that targeted Internet ads this way," says Vincent Gullotto, VP of security-software vendor McAfee Inc.'s antivirus and vulnerability emergency-response team. More attacks against Internet-advertising networks could pose a threat to one of the advertising industry's fastest-growing revenue streams. Research firm eMarketer predicts online advertising spending will increase nearly 29% this year to $9.4 billion and grow another 21% in 2005.

"It's a sad day for ad-serving companies that didn't know how secure they needed to be. This could be lost revenue in a big way," says Pete Lindstrom, an analyst at Spire Security. Some of the largest U.S. online ad-serving companies say they've taken precautions. DoubleClick Inc. "has invested heavily to partner with provid- ers who offer best-of-breed security software and hardware which is constantly updated to evolve with more sophisticated attacks," the company said in a statement.

Microsoft will release a patch "when the development and testing process is complete, and the update is found to effectively correct the vulnerability," according to a company statement. Until then, security experts warn that copycat attacks are likely.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Commentary
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
News
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll