September 14, 2007 2:44 PM PDT

Facebook banner ad serves an exploit

by Robert Vamosi

Security researcher Roger Thompson got a surprise the other night when he borrowed a computer to view a friend's Facebook blog--Internet Explorer wanted to download some malicious Microsoft Data Access Components (MDAC) objects. That didn't seem right, so he tried another computer, and said "I got extra copies of the browser starting, and ads being served."

Thompson is no stranger to such tricks. He heads Exploit Prevention Labs, a company that specializes in finding and mitigating browser exploits found on Web pages. This attack really surprised him. It uses an exploit of MS06-014, which means if your computer has been updated with the latest patches from Microsoft issued since September 2006, you won't experience a thing. But if you haven't updated your Windows computer in more than one year, you'll be subjected to a barrage of unwanted adware.

On an infected machine, a Google homepage now shows adware.

(Credit: Roger Thompson/Explabs)

On vulnerable machines, Thompson found that the banner ad on Facebook makes a call to bannerconnect, bannerconnect makes a call to yieldmanager, yieldmanager makes a call to valuead, and valuead makes a call to megapromition, which throws an exploit (MS06-014) and runs an adware installer. Thompson's latest blog explains the whole process in greater detail. The end result is that once infected, your Internet Explorer home page displays additional windows serving various ads.
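
A chain of calls like the one described above can be reconstructed on the defender's side from web proxy logs by following Referer headers backwards from the host that served the exploit. The following is an added example, not part of the original article or of Thompson's analysis; the log records, client addresses and `.example` hostnames are constructed stand-ins for the parties named in the article.

```python
# Trace an ad redirect chain back from a flagged host using Referer data.
# All records below are constructed; the ".example" hosts are placeholders.
from urllib.parse import urlsplit

# Constructed proxy records: (client, requested URL, Referer header)
LOG = [
    ("10.0.0.5", "http://facebook.example/profile", ""),
    ("10.0.0.5", "http://bannerconnect.example/ad.js", "http://facebook.example/profile"),
    ("10.0.0.5", "http://yieldmanager.example/imp", "http://bannerconnect.example/ad.js"),
    ("10.0.0.5", "http://valuead.example/show", "http://yieldmanager.example/imp"),
    ("10.0.0.5", "http://megapromition.example/x", "http://valuead.example/show"),
    ("10.0.0.9", "http://news.example/", ""),
    ("10.0.0.9", "http://yieldmanager.example/imp", "http://news.example/"),
]

def host(url):
    """Return the hostname part of a URL, or '' if there is none."""
    return urlsplit(url).hostname or ""

def trace_chain(log, client, flagged_host):
    """Return the hosts leading from the visited page to flagged_host.

    Walks Referer links backwards from the client's first request to
    flagged_host. Returns [] if the client never requested that host."""
    records = [(url, ref) for c, url, ref in log if c == client]
    idx = next((i for i, (url, _) in enumerate(records)
                if host(url) == flagged_host), None)
    if idx is None:
        return []
    chain = [flagged_host]
    while records[idx][1]:                 # stop when there is no Referer
        ref = records[idx][1]
        chain.append(host(ref))
        # Most recent earlier request whose URL is this Referer.
        earlier = [i for i in range(idx) if records[i][0] == ref]
        if not earlier:
            break                          # referring request was not logged
        idx = earlier[-1]                  # strictly decreases, so this ends
    return chain[::-1]

def clients_reaching(log, flagged_host):
    """Return the sorted set of clients that requested flagged_host."""
    return sorted({c for c, url, _ in log if host(url) == flagged_host})

if __name__ == "__main__":
    for c in clients_reaching(LOG, "megapromition.example"):
        print(c, " -> ".join(trace_chain(LOG, c, "megapromition.example")))
```

A missing or stripped Referer ends the walk early, so a short chain means the log could not show more, not that no earlier hop existed.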

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Well...
by jelloburn September 14, 2007 3:54 PM PDT
... sounds like if you haven't updated your version of Windows in a
year, you are kind of asking for problems.

At the same time, Facebook probably should take care of the problem
and inform the advertiser of the situation.