November 10th, 2009
Major online ad site hacked, serving up exploit cocktail
A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third-party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile Internet advertiser. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader.
Here’s a list of the exploits associated with this attack:
- Microsoft DirectShow (CVE-2008-0015)
- Microsoft Snapshot Viewer (CVE-2008-2463)
- Microsoft Data Access Components (MDAC) (CVE-2006-0003)
- AOL ConvertFile() remote buffer overflow exploit
Websense said the rigged site also comes with an auto-loading malicious PDF file that attempts to exploit these vulnerabilities:
- Adobe Reader and Acrobat 8.1.1 buffer overflow (CVE-2007-5659)
- Adobe Acrobat and Reader 8.1.2 buffer overflow (CVE-2008-2992)
If the user’s browser is successfully exploited, Websense says a malicious file is downloaded from another, collaborating exploit site and run in the user’s Windows home directory.
The company’s blog has screenshots of the attack site.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.