The UK-based news site The Register was victimized by an advertisement provider, Falk AG, beginning Saturday. The ads served by Falk AG were carriers for the Bofra worm, which uses a buffer overflow in FRAME, IFRAME, and EMBED elements of pre-XP SP2 Internet Explorer.
The Register promptly issued a warning on Sunday morning, followed by a statement on restoration of service this morning. The Register estimates the number of visitors who could have been affected by this event, which is a good way to scope the extent of the incident.
Falk AG has also owned up to the incident, although its wording leaves a little to be desired. From the company's statement:
I like the mention of a "weakness" and a "weak point." That sounds like press-speak for misconfiguration, or unpatched vulnerability. Although Falk has many clients, on Dutch news site Nu.nl has reported on the event, along with The Reg.
According to this site, Falk has a history of serving up Trojaned ads. Maybe that will give me some traffic to inspect for my next book?