Banner advertising is being used to deliver the Bofra worm to visitors of European websites. Users of a number of high-profile sites will find that clicking on banner ads redirects them to websites that exploit an unpatched flaw in Internet Explorer.
“It seems that the hackers are getting bolder,” said Joe Stewart, senior security researcher at consultants LURHQ. “Traditionally it has been much more low-key, but I guess that wasn’t good enough for them.”
Once infected, the user’s computer will be attacked by a combination of viruses, trojan horses and spam.
The Bofra worm appeared only four days after the Internet Explorer flaw was reported. It affects all Windows platforms except those using Service Pack 2 (SP2) – an update that is yet to be installed on thousands of computers due to its incompatibility with some software.
Banner-based exploits first appeared earlier this year. An adware Trojan known as Virtumode makes popups appear that are related to whatever the user has been searching for on a browser. As Stewart wrote in his description of the exploit, a user visiting a page with keywords related to travel would suddenly find relevant adware appearing on their computer.
But Stewart claimed that users shouldn’t be overly concerned. “This isn’t going to spread that quickly. It doesn’t travel in the right way to be a huge menace. We aren’t going to see another Sasser or Blaster,” he said.