Results 1 to 5 of 5
  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Following up from the recent "compromise" of the Falk AG advertising network with code that uses an unpatched IE vulnerability, there are reports that this may be tied into an exploit on various versions of the Apache web server platform ( article here, here, here and gee I guess other places).

    The MO appears to be that servers are compromised, and then modified to serve up an IFRAME based exploit which will then effective 0wn the visitors PC, and recruit it into a zombie network. It could be that the zombie network is somehow being used to attack the Apache boxes too.

    If you run your own Apache box, then make sure you apply all the patches you can. Else, take a backup of as much data as you can right away.

    And seriously, stop using IE now if you still are. Anybody who conducts on-line business such as us affiliates have a lot to lose if we get compromised. If you're a PC user, switch to Firefox. Now.

    OK, this may be nothing and a storm in a teacup but I sense there's *big* trouble brewing here.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Hopefully the media attention will focus in on the Adwhores behind all this system hijacking. A few network execs should be forced into court to explain their involvement.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  3. #3
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    The problem seems to be related to a widespread flaw in OpenSSL an Apache. I just checked my main host and it appeared to be vulnerable.

    According to this thread, vulnerable versions are 0.9.6c to 0.9.6l and 0.9.7a to 0.9.7c. You can check you server by visiting http://news.netcraft.com/ and entering the domain name in the top left box.

    There's a further security advisory here about OpenSSL:

    http://www.openssl.org/news/secadv_20040317.txt
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  4. #4
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    Note that 180solutions, WebRebates (a TopMoxie app) and EBates Moe Money Maker (also TopMoxie) are being installed through this kind of hole. Video and write-up at http://www.benedelman.org/news/111804-1.html

  5. #5
    MasterMike HardwareGeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,810
    BTW this isnt the first time Falk has screwed up. I have ads on my site that are in their system and I have had dozens of exploits this past year. But normally its taken care with in an hour.

  6. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Google can't hack it?
    By buy_online in forum Search Engine Optimization
    Replies: 16
    Last Post: January 9th, 2006, 08:41 AM
  2. Major merchants now can attack phisher sites
    By ecomcity in forum Midnight Cafe'
    Replies: 0
    Last Post: February 15th, 2005, 11:38 AM
  3. Hack Attempt @ 5:15 PM
    By Haiko de Poel, Jr. in forum Midnight Cafe'
    Replies: 7
    Last Post: January 10th, 2002, 03:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •