Site operators are being cautioned to verify that the banners do not contain the IFRAME exploit code, or failing that, temporarily disable banner ads to minimize the risk of accidentally infecting users and propagating the exploit. The ISC did not identify any of the affected sites.
Users clicking on the banners are being infected with variants of the Bofra worm, which has been propagating through e-mail and malicious web sites. Bofra appeared just days after the revelation of the IFRAME vulnerability, which affects Internet Explorer 6 on all Windows platforms except Windows XP Service Pack 2 (SP2). This vulnerability allows attackers to gain complete control of a user’s computer.
Microsoft has not issued a patch for the Internet Explorer IFRAME hole for users that have yet to install SP2. However, a German security researcher has issued an independent patch, prompting discussion among security vendors about the risks of “unofficial” patches.
Windows XP SP2 has been downloaded more than 105 million times, according to Microsoft, but some corporate IT departments have reported problems with installations. The ISC recommended that IE6 users who haven’t installed the SP2 update “utilize a different web browser until a patch is released by Microsoft.”