The SANS Internet Storm Center (ISC), which tracks malicious Internet activity, said it was in the process of contacting other Falk customers in Sweden and the Netherlands that may have also been compromised. SANS ISC Director Marcus Sachs told eWEEK.com the fact that the ad servers were used to distribute the exploit suggests that hundreds of sites, and possibly millions of users, were affected.
"This is a strong candidate for an out-of-cycle Microsoft patch. There are real exploits circulating with real security risks," Sachs said, noting that the next scheduled patch from Microsoft wont be available until Dec. 14. "The fact that this has already been fixed in SP2 suggests that Microsoft has been aware of it for a very long time," Sachs said, noting it was also very possible that the vulnerability was fixed during the SP2 code rewrite. The ISC is urging Web site operators that serve banner ads to verify the banners do not contain the IFrame exploit code. "Or you might want to consider disabling banner ads for a little while to minimize the risk of accidentally infecting your users and propagating," the Center said. Because the vulnerability is easy to exploit, Sachs said it is very likely that malware for this issue will emerge in many flavors and colors. In addition to the possibility of becoming infected while surfing a Web site, there are e-mail propagation vectors, he added. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Sachs said the Center is highly recommending that users ditch the affected IE browser until Microsoft issues a fix.