Hackers have hijacked a server operated by Internet advertising company 24/7 Real Media and are using it to seed legitimate websites with ads carrying attack code, Symantec has said.
Windows users who visited sites with the attacking ads were infected if they browsed with Microsoft's Internet Explorer and had RealNetworks's popular RealPlayer media player program installed on their PCs, Symantec said in an analysis written by three company researchers.
This is the first time that malware has piggybacked on Internet ads served from a major advertising firm.
The attack should be a warning to the web, said Andrew Storms, director of security operations at nCircle Network Security. "So much of the content we consume today comes from many syndication services," Storms said in an email interview. "We trust that the content provided to us by Internet 'blue chips' is safe from malware.
"This should be a wake-up call for sites which offer syndicated content," Storms said. "They need to take a more active role in ensuring the security of [that] content."
Working off reports last week that RealPlayer and Internet Explorer could be exploited to infect Windows computers, Symantec researchers Aaron Adams, Raymond Ball and Anthony Roe used a compromised company honeypot to trace an attack back to 24/7 Real Media's server. Although Symantec didn't speculate on how the server was compromised, it did lay out the attack's progression.