Slashdot Mirror
Banner Ad on Myspace Serves Adware to 1 Million
An anonymous reader writes "Washingtonpost.com's Security Fix blog reports that a banner ad running on MySpace.com and other Web sites used a Windows security flaw to push adware and spyware out to more than one million computer users this week. The attack leveraged the Windows Metafile (WMF) exploit to install programs in the PurityScan/ClickSpring family of adware, which bombards the user with pop-up ads and tracks their Web usage."
1. Use Mozilla Firefox.
2. Uninstall Flash, you don't need that proprietary junk, 99% of all flash animations are ads/banners anyways.
3. Maybe you want to "block loading of images from third-party sites".
4. Use the Adblock extension for Firefox, you can get it at http://adblock.mozdev.org/ and get some rules for it.
5. Use a more secure operating system.
I hate Myspace, it is a website that caters to retards, it is so dumb.
My solution to solve this problem is to block the domains of the servers that host these ads such as (pagead2.googlesyndication.com) by using a dns server. This is better than firefox ad-blocking or most other systems. This system prevents any connection to the advertising server. I have a dns server for ad-blocking that is publicly avaiable at 68.147.32.114.
Click here to see if you configured your dns properly.Ads can be a growing security risk in the future. I'd like to ban all ads at work, but I can't do that since IE6 is the only allowed browser here and no extra software is allowed to be installed. Once I surfed to Dilbert website for comics that I thought would be safe, but Errorsafe malware tried to install itself to my machine (by ActiveX component in an ad). See http://koti.mbnet.fi/jnyman/dilbert.html screen capture here (the dialogue text is in Finnish, but the bottom line asks "Do you want to install Errorsafe program to your computer to check your computer for free (recommended)?". I complained about this to Dilbert website's webmaster and to Scott Adams and they replied that they're looking at the problem, but after that nothing. Haven't visited Dilbert website since at work. Hope this is not a growing trend.
While I agree with you about myspace, the exploit is not by any means MySpace specific.
On previous occasions Falk AG has served exploits like this through websites like www.theregister.co.uk. In that case Falk had their ad delivery servers broken into.
This is not the first time and as the time goes we will see much more of this.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
The creation of this basically malicious content was wrong and should be punished by the Law, but please don't join the media and the less educated parts of our governments in refering to all computer security exploits as "viruses".
This attack is not a virus because it cannot spread to new hosts from infected machines. It is, more accuratly, a trojan, in that it is "executed" under the false pretence of being non-malicious code (I put "executed" in inverted commas because there is the additional issue of how it ended up actually executing native code on the infected machines).
Also, the people who recieve harsh sentances are normally writers of worms, rather than viruses. This is because the extremely rapid way in which some worms infect new machines can cause serious overload of the networks over which they spread, which tends to cause more $s of damage than the damage to the actual machines. Although these ads are wrong, they have not had that sort of global impact on networks.
So, while I agree that these people should be prosecuted and severely punished, I believe that it is misguided to say that they should be prosecuted under the same laws as virus and worm authors, as this would just muddy the water and add to the current situation where all computer users have to be worried about which laws they might be breaking.
# cat
Damn, my RAM is full of llamas.