August 27th 2008 | Jens C Brynildsen
Two months ago, we wrote about a Flash Player exploit that could potentially cause havoc. Today it was known that the Norwegian MSN site served out malware ads to thousands of users, hidden as part of of a Honda commercial. Checking the ad content is obviously the responsibility of the ad network and it scares us that they don't understand the need for this.
According the The Norwegian version Computerworld, anybody visiting www.msn.no the last couple days may have gotten the malware payload - a trojan named Virtumonde. It's unlikely that Honda is aware that their ad is spreading the trojan, but what happens is that a small program is installed on the computer. The trojan is impossible to detect for the average user, it's silently installed without you noticing.
Security analytic Jan Roger Wilkens at Telenor says "The software is started right away and waits for commands about virtually anything - from sending spam, capturing passwords, banking details - it can do pretty much anything". He also notes that "It's tragic that it's probably Microsoft's most profiled site in Norway that spread this." Ironically, only Microsofts own operating systems are affected by the trojan. (Note: According to Symantech's listing for VirtuMonde, it's less aggressive that indicated by Wilkens in the ComputerWorld article. It could be a more recent version though)
Microsoft responded by closing down the entire ad system for a short while, but it took several hours until the ad containing the trojan was fully removed (apparently due to a lag in the system). Microsoft Norway says they will now go through their routines to ensure this never happens again.
Hackers are constantly working to find security flaws in software and since the Flash Player is the worlds most distributed software, it's a prime target. Hackers are not the only ones discovering bugs as well. Advanced users occasionally find unpatched security holes like this one and in general, Adobe responds quickly. The exploit will work on all but the very latest version of the Flash Player, so all Flash Player users are urged by Adobe to upgrade to this version as soon as possible.