Banner Ad on Myspace Serves Adware to 1 Million
An anonymous reader writes "Washingtonpost.com's Security Fix blog reports that a banner ad running on MySpace.com and other Web sites used a Windows security flaw to push adware and spyware out to more than one million computer users this week. The attack leveraged the Windows Metafile (WMF) exploit to install programs in the PurityScan/ClickSpring family of adware, which bombards the user with pop-up ads and tracks their Web usage."
1. Use Mozilla Firefox.
2. Uninstall Flash, you don't need that proprietary junk, 99% of all flash animations are ads/banners anyways.
3. Maybe you want to "block loading of images from third-party sites".
4. Use the Adblock extension for Firefox, you can get it at http://adblock.mozdev.org/ and get some rules for it.
5. Use a more secure operating system.
I hate Myspace, it is a website that caters to retards, it is so dumb.
His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.
So if you're not a Windows or Mac OS X (PowerPC) user, you're SOL.
My solution to solve this problem is to block the domains of the servers that host these ads such as (pagead2.googlesyndication.com) by using a DNS server. This is better than Firefox ad-blocking or most other systems. This system prevents any connection to the advertising server. I have a DNS server for ad-blocking that is publicly available at 68.147.32.114.
Click here to see if you configured your dns properly.
I have ad + flashblock installed because adverts look like shit.
Ads can be a growing security risk in the future. I'd like to ban all ads at work, but I can't do that since IE6 is the only allowed browser here and no extra software is allowed to be installed. Once I surfed to Dilbert website for comics that I thought would be safe, but Errorsafe malware tried to install itself to my machine (by ActiveX component in an ad). See http://koti.mbnet.fi/jnyman/dilbert.html screen capture here (the dialogue text is in Finnish, but the bottom line asks "Do you want to install Errorsafe program to your computer to check your computer for free (recommended)?"). I complained about this to Dilbert website's webmaster and to Scott Adams and they replied that they're looking at the problem, but after that nothing. Haven't visited Dilbert website since at work. Hope this is not a growing trend.
While I agree with you about myspace, the exploit is not by any means MySpace specific.
On previous occasions Falk AG has served exploits like this through websites like www.theregister.co.uk. In that case Falk had their ad delivery servers broken into.
This is not the first time and as the time goes we will see much more of this.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
wow... ok so not to interrupt a Windows hate fest.
but the WMF exploit has been patched since Jan of this year
anyone that got hit by this only has themselves to blame.
actually I am happy to see you, however that is in fact a banana in my pocket.
The creation of this basically malicious content was wrong and should be punished by the Law, but please don't join the media and the less educated parts of our governments in referring to all computer security exploits as "viruses".
This attack is not a virus because it cannot spread to new hosts from infected machines. It is, more accurately, a trojan, in that it is "executed" under the false pretence of being non-malicious code (I put "executed" in inverted commas because there is the additional issue of how it ended up actually executing native code on the infected machines).
Also, the people who receive harsh sentences are normally writers of worms, rather than viruses. This is because the extremely rapid way in which some worms infect new machines can cause serious overload of the networks over which they spread, which tends to cause more $s of damage than the damage to the actual machines. Although these ads are wrong, they have not had that sort of global impact on networks.
So, while I agree that these people should be prosecuted and severely punished, I believe that it is misguided to say that they should be prosecuted under the same laws as virus and worm authors, as this would just muddy the water and add to the current situation where all computer users have to be worried about which laws they might be breaking.
# cat
Damn, my RAM is full of llamas.
Block Ads: Mike's Ad Blocking Hosts File
I use it, I love it.
It is a problem for a company to check the ads embedded on its pages when those ads are served by another company.
Only a general link is embedded in the page which causes the user's browser to make a request to the ad company's server. Every time the link is used a different ad is served. The ad travels directly from the ad company to the user, nothing of it is seen by the company hosting the page.
The ad company likes this arrangement because they then know the ad they are paying for was really served. So the only control the hosting company has is by writing it into the contract, which as often they are the junior player, they probably don't have much control over. I know they could go to another ad company, but they will probably end up with similar terms there.
So I think you can try and hold the page owner responsible if you like, but I don't think this will have any practical impact. It's the ad company that has the opportunity to verify the ad is not anti-social, so it would be better to sue them.
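An added example, not part of any comment in this thread: a small audit that lists the third-party hosts a page makes the browser contact on its own (the "general link" arrangement described above) and checks each against a domain blocklist using the suffix matching a blocking DNS server or hosts file would apply, as in the DNS-blocking comment earlier. The sample page, the `.example` hosts and the blocklist are constructed; only `pagead2.googlesyndication.com` comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blocklist: a blocked domain also blocks all of its subdomains.
BLOCKLIST = {"googlesyndication.com", "ads.example"}

class ResourceHosts(HTMLParser):
    """Collect hosts of resources the browser fetches without user action."""
    TAGS = {"script": "src", "img": "src", "iframe": "src", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        wanted = self.TAGS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                host = urlsplit(value).hostname  # None for relative URLs
                if host:
                    self.hosts.append(host.lower().rstrip("."))

def is_blocked(host, blocklist=BLOCKLIST):
    """Match on whole DNS labels, so 'notads.example' is not 'ads.example'."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def audit(html, page_host):
    """Map each third-party host referenced by the page to its block status."""
    parser = ResourceHosts()
    parser.feed(html)
    third_party = {h for h in parser.hosts
                   if h != page_host and not h.endswith("." + page_host)}
    return {h: is_blocked(h) for h in sorted(third_party)}

# Constructed sample page served from site.example.
SAMPLE = """
<html><body>
<img src="/img/logo.png">
<img src="http://static.site.example/photo.jpg">
<script src="http://pagead2.googlesyndication.com/ad.js"></script>
<iframe src="//banner.ads.example/slot?id=1"></iframe>
<embed src="http://cdn.media.example/player.swf">
</body></html>
"""

if __name__ == "__main__":
    for host, blocked in audit(SAMPLE, "site.example").items():
        print(("BLOCK  " if blocked else "ALLOW  ") + host)
```

Hosts reported as allowed are the ones a blocklist maintainer still has to review, since the page owner never sees what those servers return.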
riiight, and the "pirate" part of pirate bay has nothing to do with piracy or evil pirates, just the happy, romanticized, adventurous movie-star type of pirates, like Johnny Depp
Actually, most libraries go out of their way to destroy your checkout history. One common library checkout system only keeps track of the person who has that particular copy at that moment. The only way to look up the book is by its inventory number. Searching by patron name returns no result. Once the book is checked in the record is modified saying that the library has it. The result is that there is no history of who had what books or what books you have read.
Libraries are notoriously at odds with the PATRIOT Act and have risked loss of federal funds to do what they can to protect patron privacy.
Disclosure: My wife works for a local public library.
Boobies never hurt anyone. - Sherry Glaser.
Wow.. lots of psycho mods today... parent post is troll or flamebait.. not insightful