• On TechRepublic: Windows 7: Slower to boot than Vista?
September 14, 2007 2:44 PM PDT

Facebook banner ad serves an exploit

by Robert Vamosi

Security researcher Roger Thompson got a surprise the other night when he borrowed a computer to view a friend's Facebook blog--Internet Explorer wanted to download some malicious Microsoft Data Access Components (MDAC) objects. That didn't seem right, so he tried another computer, and said "I got extra copies of the browser starting, and ads being served."

Thompson is no stranger to such tricks. He heads Exploit Prevention Labs, a company that specializes in finding and mitigating browser exploits found on Web pages. This attack really surprised him. It uses an exploit of MS06-014, which means if your computer has been updated with the latest patches from Microsoft issued since September 2006, you won't experience a thing. But if you haven't updated your Windows computer in more than one year, you'll be subjected to a barrage of unwanted adware.

On an infected machine, a Google homepage now shows adware.

(Credit: Roger Thompson/Explabs)
On vulnerable machines, Thompson found that the banner ad on Facebook makes a call to bannerconnect, bannerconnect makes a call to yieldmanager, yieldmanager makes a call to valuead, and valuead makes a call to megapromition, which throws an exploit (MS06-014) and runs an adware installer. Thompson's latest blog explains the whole process in greater detail. The end result is that once infected, your Internet Explorer home page displays additional windows serving various ads.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security

Tags:

security,

Facebook,

adware,

Roger Thompson

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Social networks, video coming to Xbox in November
Fake Facebook e-mail contains Trojan
Facebook woos developers with a road map
Facebook and MySpace 'in talks?' Of course
Week in review: Motorola, Verizon ready the Droid
Critical Windows 7 holes fixed in record Patch Tuesday
Hands-on: Social networking on Xbox 360
Q&A: Schneier warns of marketers and dancing pigs
Add a Comment (Log in or register)
Well...
by jelloburn September 14, 2007 3:54 PM PDT
... sounds like if you haven't update your version of Windows in a
year, you are kind of asking for problems.

At the same time, Facebook probably should take of the problem
and inform the advertiser of the situation.
Reply to this comment
advertisement

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET