Hacked Ad Seen on MySpace Served Spyware to a Million - 07/19/2006


Fully vaccinated are you?
I've never visited MySpace, but it apparently is very, very popular.


Hacked Ad Seen on MySpace Served Spyware to a Million

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

Michael La Pilla, an iDefense "malcode" analyst, said he first spotted the attack Sunday while browsing MySpace on a Linux-based machine. When he browsed a page headed with an ad for DeckOutYourDeck.com, his browser asked him whether he wanted to open a file called exp.wmf. Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF (Windows Metafile) images, and online criminal groups have been using the flaw to install adware, keystroke loggers and all manner of invasive software for the past seven months.

Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware. This stuff bombards the user with pop-up ads and tracks their Web usage. Only a little more than half of the anti-virus programs used at anti-virus testing service AV-Test.org flagged the various programs that the Trojan tried to download as malicious or suspicious.

Using software that captures and analyzes Web traffic, La Pilla found that the installation program contacted a Russian-language Web server in Turkey that tracks how many times the program was installed, presumably because most of this adware is installed by third parties who get paid for each installation. The data there indicate that the adware was installed on 1.07 million computers, La Pilla said, adding that all seven of the Internet addresses contacted by the downloader Trojan appear to be inactive at this time.



My 18 yr. old son called me to the computer a couple of months ago to show me Myspace. What he showed me was apalling. Almost every kid on our dead end street had a myspace site and I must say the photos they posted of themselves were quite provocative.

I considered notifying parents but I deferred as I did not want to be accused of lurking Myspace.

What do you all think?



I saw this article this morning & sent a link to my friend who's daughter has a MySpace page...

I've tried looking thru a few pages, being a photographer some models I know put their photos up there. After 2-3 pages I gave up. I CANNOT STAND a site that starts playing any sounds automatically, let alone music!

Also, people have found various ways to "customize" their pages & usually ends up looking like **** & unreadable. (I also design websites so I tend to be picky about page layouts.) I just love big background photos with black text so you can't read anything...

It's a fad. It'll last until something else becomes cool & popular...

Top Bottom