The attack on a load-balancing server at Germany's Falk eSolutions caused the Bofra/IFrame exploit, a variant of MyDoom, to be delivered along with the ad banners of as many as 150 of the company's clients. These include A&E Networks, IDG and The Register, where the hack was apparently first discovered.
The hack took advantage of a recently discovered weakness in Internet Explorer that, alas, had yet to be patched. Windows XP SP2 (Service Pack 2) users were immune, which is great for them but bad news for everyone else.
The damage from this hack is probably more psychological than practical, pointing out as it does that no part of the public Internet—no matter how supposedly well-managed or protected—can really be considered "safe."
It reminds us that even if we take proper steps to protect our own systems, there is no guarantee that lapses won't occur someplace else. And for some users, who cannot yet install SP2 due to application conflicts, the lack of a patch meant they had no protection at all.
It's important to remember that the majority of business users are still using (unprotected) Windows 2000 and will be even if Microsoft goes through with plans to end support with the new year. This latest hack is another good reason why Microsoft should have ported the SP2 security fixes back to the software most people actually use.
Forcing people to upgrade to a new operating system to receive security fixes that could be implemented in earlier versions strikes more than a few people as sleazy. This may not be what Microsoft was attempting, but the customer frustration exists nevertheless.
Still, this episode raises a much larger question: Can the free Internet survive?