Womblog
Falk AG / falkag.net Pushing Viruses and Trojans
22nd November 2004

German advertising network Falk AG is a widely used but, it seems, sloppy advertising network that either doesn't screen its advertisers or has very poor security on its systems. It turns out that one of their advertisers had been pushing the Bofra trojan on several sites, including The Register, as reported here. It is impossible to calculate the potential number of machines infected by this.

However, it's not the first time that this has happened. As reported on the Parasiteware forum back in September, Falk AG was happily serving up ads for slimeware pusher NTSearch.com, which attempted to load another trojan through yet another IE vulnerability.

Because Falk AG allows virtually any type of ad to be used as a popup and doesn't screen them, it is strongly advisable to block all traffic to *.falkag.net (including as-us.falkag.net and as-eu.falkag.net) permanently. In addition, if you use Falk AG for advertising then I suggest you cease immediately.

MS04-028 and The JPEGs of Doom
17th September 2004

Another security advisory from Microsoft which reveals a hole you can potentially drive a truck through - this time MS04-028 - a flaw in "certain products" that can allow a specially crafted JPEG file to execute arbitrary code on the victim's computer. This is a hugely serious flaw, and it's made worse by the fact that the problem exists in a huge number of components of the Windows OS, Internet Explorer and Microsoft applications such as Office, and most of these products will need patching individually. Indeed, Microsoft lists 27 individual updates to fix this problem.

The flaw is so serious because potentially the trojan JPEG file could be received in any one of a number of ways, including web page, spam email or infected document. But it gets worse... much worse.

Although Microsoft have spent some time and effort alerting users to the Windows Update site, not a lot of people know about the similarly important Office Update site. Since the two update sites barely mention each other, it's highly likely that people will patch Windows, but not Office and still remain vulnerable. Since parasiteware/slimeware and virus writers love to use this kind of exploit to install their toxic software, you can guarantee that it will be used soon. Thanks again, Microsoft.
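Added example (not from the original post), for the Falk AG advice above to block *.falkag.net: a plain hosts file cannot express that wildcard, and a naive substring match blocks or misses the wrong hosts, so the match has to be made on whole DNS labels. This Python code does that and checks proxy-log lines for clients still reaching the domain; the log layout (client, method, URL, status), the client addresses and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Parent domain named in the post; every host beneath it is covered.
BLOCKED_SUFFIXES = ("falkag.net",)


def normalize(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def is_blocked(host, suffixes=BLOCKED_SUFFIXES):
    """True if host is a blocked domain or any subdomain of one.

    Comparison is on whole labels, so 'notfalkag.net' and
    'falkag.net.example.org' are not treated as matches.
    """
    host = normalize(host)
    return any(host == s or host.endswith("." + s) for s in suffixes)


def host_of(url):
    """Hostname of a URL or of a bare host:port (as in CONNECT requests)."""
    if "://" not in url:
        url = "//" + url
    return normalize(urlsplit(url).hostname or "")


def find_hits(log_lines):
    """Return (client, host) for each logged request to a blocked host."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, host = fields[0], host_of(fields[2])
        if is_blocked(host):
            hits.append((client, host))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "10.0.0.5 GET http://as-eu.falkag.net/ad1 200",
    "10.0.0.7 GET http://www.example.org/index.html 200",
    "10.0.0.9 CONNECT AS-US.falkag.net:443 200",
    "10.0.0.5 GET http://notfalkag.net/ 200",
    "10.0.0.7 GET http://falkag.net.example.org/ 200",
    "10.0.0.9 GET http://falkag.net./ 200",
]
```

Any pair returned by `find_hits` after the block is deployed points to a client or path that bypasses it.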
Poozleanimus