Bofra/IFrame Exploits on More Web Sites. The Storm Center received a report this morning of a high profile UK website that contains a pointer on their main page to another URL hosting the Bofra/IFrame exploit. We have confirmed that if this site is visited using Internet Explorer the exploit will be downloaded. The site owners have been notified.
UPDATE, 1525 UTC. The site in the UK has been fixed. We have received reports of sites in Sweden and the Netherlands that were also compromised. This may indicate a more wide-spread attack across Europe. One suggestion is that the advertising servers rather than the sites themselves contain the exploit, which of course means that perhaps hundreds of sites are affected.
Marcus H. Sachs
Director, SANS Internet Storm Center
News: Major Exploit Underway...