what's the vector?

Posted Sep 1, 2005 16:03 UTC (Thu) by pflugstad (subscriber, #224)
Parent article: Banner ads: worse than you thought

In reading the article, I don't see anything at all indicating that this may have happened via an image buffer overflow. Looking around for other related messages, I do see someone else posting that more and more "droppers" (which is what asdf.exe appears to be) are coming in via .png or .jpg, but I still think it's still a leap to say that that is the vector here.

I just see a user posting about getting some kind of malware on his system, but no real information on how it got there. There's a long thread over on broadband reports that seems related:

<http://www.broadbandreports.com/forum/remark,14196120>>

Some people report getting it when running FF 1.0.6 on SuSE, which really makes me think this is not an image buffer overflow (a cross platform image buffer overflow would be a real piece of work). At the end, one question is whether this is coming in via an old Java hole, which might actually make more sense.