Bofra exploit tied to 'massive botnet'
The attack on ad-serving company Falk that redirected some Reg readers on Saturday towards a site running malicious code may be part of a much bigger attack.
Security site vitalsecurity.org reports that a group of hackers - perhaps a criminal gang - is hacking web servers across the net and installing root kits that dynamically inject code into the pages served from the compromised web servers. The injected code effectively serves as a "front door" to a series of compromised hosts controlled by cyber criminals. These rogue hosts are running exploit code that takes advantage of the IFRAME vulnerability in Internet Explorer exploited by the recent Bofra worm.
By John Leyden at The Register.
[ Read more ]