MySpace Ad Infects Million+ With Spyware

profdlp The Holy City Of Westlake, Ohio
edited July 2006 in Science & Tech
If you still haven't gotten around to adding January's security patches to your computer you might take this as a not-so-subtle hint.
An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

Michael La Pilla, an iDefense "malcode" analyst, said he first spotted the attack Sunday while browsing MySpace on a Linux-based machine. When he browsed a page headed with an ad for DeckOutYourDeck.com, his browser asked him whether he wanted to open a file called exp.wmf. Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF (Windows Metafile) images, and online criminal groups have been using the flaw to install adware, keystroke loggers and all manner of invasive software for the past seven months.

Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware. This stuff bombards the user with pop-up ads and tracks their Web usage. Only a little more than half of the anti-virus programs used at anti-virus testing service AV-Test.org flagged the various programs that the Trojan tried to download as malicious or suspicious.

Source: Washington Post

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2006
    That.... is.. just inexcusable.
  • airbornflght Houston, TX Icrontian
    edited July 2006
    I think MySpace may be in trouble.
  • djshowdown London
    edited July 2006
    so were firefox users ok?

    i never got a popup asking me what i wanted to do with the wmf file
  • profdlp The Holy City Of Westlake, Ohio
    edited July 2006
    djshowdown wrote:
    so were firefox users ok?

    i never got a popup asking me what i wanted to do with the wmf file
    It's a Windows/IE flaw, so you should be alright. As the article states:
    Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning.

    If you don't have Firefox set to automatically install crap like that (and I'm not even sure if you can set it that way), you should be alright. :)
  • djshowdown London
    edited July 2006
    fantastic :)

    yet another reason to use firefox over ie
  • Medlock Miramar, Florida Member
    edited July 2006
    djshowdown wrote:
    fantastic :)

    yet another reason to use firefox over ie
    Yet another reason not to use MySpace imo...
  • profdlp The Holy City Of Westlake, Ohio
    edited July 2006
    TheGr81 wrote:
    Yet another reason not to use MySpace imo...
    The really rotten thing is that this type of hack could affect any WMF image on any site. The fact that these rats got away with infecting over 1,000,000 computers is only going to encourage more of this nonsense.

    On a related note, I'm sure our SVT Swat Team could use some volunteers. A great way to fight back against this junk is to help the victims disinfect their computers and educate them in how to avoid future problems. The lower the effectiveness of this sort of business the more likely it is to diminish it as a problem for us all. :)