Wednesday August 20, 2008 8:52 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Cyberwar is a natural progression now that computers control the infrastructure of society and ..."
on Georgia accuses Russians of cyberwar
by John Challinor | Aug 20, 2008 8:52 PM
 
"I came across a new RHOIUM Card that safeguards payment information so that there is no private ..."
on eBay hacker posts fake credit card numbers to site's security forum
by James Buffet | Aug 19, 2008 1:18 PM
 
"I'd suggest that people just not go back to any website that puts advertising dollars ahead of ..."
on Malicious "ransomware" banner ads go undetected
by Ivan Voshe | Aug 19, 2008 12:13 PM
 
"spyware"
on Antispyware added to BitDefender Online scanner
by maryam | Aug 19, 2008 6:08 AM
 
"w"
on DigitalPersona Pro Workstation/Pro Server
by v | Aug 18, 2008 12:06 PM
Web

Ads on Facebook serving up adware

  • Email a Friend
  • Print Page
Ads on Facebook serving up adware
Related Articles
By Jim Carr
Sep 19, 2007 1:35 AM
Tags: Ads | on | Facebook | serving | up | adware
Roger Thompson, chief technical officer of Exploit Prevention Labs, revealed the exploit in a blog posting. He noted that he "was reading a friend's FaceBook blog when Internet Explorer displayed a message noting that a webpage was trying to start RDS (Remote Data Services) services, and would I allow it.

"I clicked 'No,' then thought, 'Hang on . . . it shouldn't have been starting RDS!' So I started a goat machine, retraced my steps, and about a minute later . . . blam . . . programs dropped and executed on my machine."

After rebooting the unpatched PC, he discovered when he started "IE and went to my home page, I got extra copies of the browser starting and ads being served." A check of whois, he said, revealed the adware was coming from a "prominitions" website, which was downloading adware and spyware to vulnerable machines.

But "it's not clear who owns it," Thompson said. "Its ownership is hidden by one of anonymizing Internet registrars.

"You'd normally expect to see this sort of stuff if visiting websites of ill repute, such as pornographic websites," Thompson said. "You wouldn't expect to see them on something innocent" such as Facebook.

Windows PCs of users who have not installed Microsoft patches MS06-140 and MS-06-142 from September 2006 are vulnerable to the exploit, according to Thompson. Those patches cleared up a variety of remote data services exploits, he explained.

"Anybody who is patched is perfectly safe," Thompson said. He added, however, that many organisations do not "patch automatically because they tend to have homegrown applications" that conflict with some of the patches.

In these situations, "People checking their Facebook pages at work could easily get adware on their PC.

"The issue is the web is the emerging battleground," Thompson said. "People need to be aware that others are trying to get into their computer that way. The underlying message: Make sure you're automatically patching your computer, and it's a good idea to install something like anti-exploit software."

"The ad in question violated Facebook's ad guidelines and was removed from the site," a Facebook spokesman said. "Facebook is also working closely with the international ad network that served the ad to ensure that future ads meet its strict guidelines for appropriate and safe advertising."

See original article on SC Magazine US

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
Popular Tags
ads attacked banner expose facebook fbi information malicious myspace networking personal profiles ransomware social spoofs storm undetected worms