Security researcher Roger Thompson got a surprise the other night when he borrowed a computer to view a friend's Facebook blog--Internet Explorer wanted to download some malicious Microsoft Data Access Components (MDAC) objects. That didn't seem right, so he tried another computer, and said "I got extra copies of the browser starting, and ads being served."
Thompson is no stranger to such tricks. He heads Exploit Prevention Labs, a company that specializes in finding and mitigating browser exploits found on Web pages. This attack really surprised him. It uses an exploit of MS06-014, which means if your computer has been updated with the latest patches from Microsoft issued since September 2006, you won't experience a thing. But if you haven't updated your Windows computer in more than one year, you'll be subjected to a barrage of unwanted adware.
On vulnerable machines, Thompson found that the banner ad on Facebook makes a call to bannerconnect, bannerconnect makes a call to yieldmanager, yieldmanager makes a call to valuead, and valuead makes a call to megapromition, which throws an exploit (MS06-014) and runs an adware installer. Thompson's latest blog explains the whole process in greater detail. The end result is that once infected, your Internet Explorer home page displays additional windows serving various ads.