Banner Ad on Myspace Serves Adware to 1 Million

An anonymous reader writes "Washingtonpost.com's Security Fix blog reports that a banner ad running on MySpace.com and other Web sites used a Windows security flaw to push adware and spyware out to more than one million computer users this week. The attack leveraged the Windows Metafile (WMF) exploit to install programs in the PurityScan/ClickSpring family of adware, which bombards the user with pop-up ads and tracks their Web usage."

Prosecute virus creating companies.

[Facekhan]

And they wonder why consumers want to block all ads. Its because of illegal virus ads like this. If they prosecuted spyware companies the way they do with other virus creators we would not have as much of a problem with people setting up shop as if this is a legitimate business and then hijacking people's computers for profit and waiting for enough complaints to pile up that maybe the state attempts an enforcement action which at worst closes the company and more likely a few small fines and promises to behave in the future. Either way the owners of these companies never serve a day in prison for releasing their viruses.

Re:Prosecute virus creating companies.

[jamar0303]

I remember that a couple of years or so back I got hit with a multiple Mac OS Classic-style dialog box ads from Japanese websites (mostly for dating sites with messages like "your love life is slowing down- need help?") but I have never gotten any Mac-style dialog box ads since then (only one OS X-style dialg box ad also from a Japanese website). I suppose that back before OS X the Mac was gaining more market share in Japan than PCs so those dialog box ads gained a Mac style rather than a PC style- that or Mac users there are more ...desperate for love... than PC users there.

Re:Prosecute virus creating companies.

[poot_rootbeer]

Seemingly serious sites can be littered with [malicious ads] and in regard to professionalism it just seems like scraping the bottom of the barrel.

MySpace is owned by Rupert Murdoch's News Corporation.

This comes right after a Flash hack

[ben+there...]

Tom (the site's...er, spokesperson) left this message in everyone's Inbox on the 17th:

Latest Update: 05:15PM PST, Monday, July 17th.
hey folks - we are moving myspace music players and video players to flash 9.0. flash 9 has security fixes so that people can't mess with you on myspace. if your 'about me' got screwed up this weekend, you could have been safe if you had flash 9 installed. here's an easy way to install it, go watch this dashboard video i posted last week. if you don't like dashboard, just watch any video in our video section, and you'll be prompted to install flash 9.

His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.

Heh, on Facebook too.

[betterthanducttape]

Heh, I posted about this having been on Facebook earlier today in the Slashback article. I'm rather amazed that these things could have been active for days without getting caught and pulled by the websites. I'd ban the advertising company from my site after a stunt like this, no matter how much money they bring in. They just exposed hundreds of thousands of high school and college students to a virus for a quick buck.

Prosecute the "sellers" too

[SuperBanana]

Prosecute virus creating companies.

How about Myspace as well? It is easily argued that Myspace controls the banner space and content added to the 'global' site (ie every page). This is akin to aiding and abetting.

The sad thing is that a million PCs were infected, and probably 500,000 of them will -stay- infected. And will this even remotely hurt Myspace's market share/traffic? I seriously doubt it.

When you go to the community pool...

[inject_hotmail.com]

expect to pick up something special for the ride home.

I'm not trolling, but I can't stand myspace-type blogs.

People need to understand that the net costs money. If you didn't pull out your credit card to pay for the resources you consumed, you'll be pulling in something into your PC...and when the intelligence quotient is double-digit...

I've visited myspace exactly once. By accident. I'd consider it to be a sesspool of the Internet if I saw more than one profile. My sister, too, has been affected by the WMF exploit in a myspace profile. Let me just say that telephone support for Win98 on an ancient laptop is less fun than most things, including elevator rides with those people that feel that the body cleanses itself.

My perspective -- if one goes to myspace, one deserves its effects.

Re:Tips

[tacarat]

Actually, I'm wishing they'd update the flash player for Linux. Newgrounds has increasing amounts of games I can't play because of the old version. I'll be very sad if I miss a new RAB because of it...

Other than that, I agree with everything you put up.

Re:Just update

[0racle]

Lots of exploits that have been released have been fixed before the exploit made the rounds. Its just that the type of moron MySpace caters to are also the type of moron that won't ever learn how to do things right.

MySpace knows its users are idiots, and that they aren't going anywhere until their 15 minutes of fame are up. What do they care that ads they carry also target those same idiots.

Re:Tips

[Shippinator+Mandy]

"2. Uninstall Flash, you don't need that proprietary junk, 99% of all flash animations are ads/banners anyways." But what about the 1% that's entertaining or useful? I'm a huge webtoon fan, so if I uninstalled Flash, I'd be losing the use of some of my favorite websites. And I know I'm playing devil's advocate here, but most banner ads don't serve adware, spyware, or viruses. If they did, this wouldn't be news.

Really??

[Gorimek]

And they wonder why consumers want to block all ads. Its because of illegal virus ads like this

I thought I followed the field fairly well, but I have never heard of any previous virus ads like this.

Re:Really??

[babbling]

It happens all the time. It happened on LiveJournal only a month or two ago.

So THIS is how we got it...

Several of the computers here at work ended up with this somehow - at least now I know how it got it. Our particular problem broke Adaware and made it reboot as it started scanning, I spent two days fixing the fallout... what a wonderful pain in the ass this was. This explains it, all right. Glad to see people at least weren't doing this crap intentionally. Spysweeper, incidentally, does a good job of disinfection - it kept reinfecting after each reboot when we tried with other things.

(Fortunately IT still doesn't know it happened - we don't need ALL access revoked.)

Does Windows Defender Catch This?

[fragMasterFlash]

Anyone know if Windows Defender will catch the spyware component of this exploit? I suppose its a moot point since people who run IE unpatched aren't going to run Defender anyway.

Re:Slashdot one-ups Washington Post moderators

[walnutmon]

I don't get it? I don't see that post anywhere, did they take it down?

Re:Virus/adware-spreading ads

I had dilbert.com as my home-page for years, but recently gave up on it in disgust. 9 times out of 10 Firefox would block anything upto 3 popups, and then they started to carry an extremly obnoxious popup that even Firefox couldn't block. I figure anyone being that anti-social doesn't want me around, so I left. If I were Scott Adams I'd be outraged by United Medias total dimwitedness, but I guess his Clue departed many years ago.

MySpace's Response Was To..

[Absentminded-Artist]

...quickly upgrade all flash ads and video to Flash9 this morning. I was just prompted to upgrade to Flash9 (I don't really keep on top of Flash updates) an hour or so ago.

Although I'd like to see MySpace increase its response time, a week response time is fairly fast for corporations. Apple took two weeks to patch the vulnerabilities discovered last February and they were applauded for having a fast response. The shame is that Microsoft's glacier-like response to security vulnerabilities makes two weeks look speedy, and one week look positively instantaneous.

I realize that it will be popular to bash MySpace around here over this but the real culprits are, in order from least to greatest responsibility, the users who hadn't patched their OS with the latest updates, Microsoft for pushing such crappy code in the first place, and greatest of all, the ad agency that didn't catch this little beauty. They should lose their contract at the least over this, IMO. I use a Mac, Safari, and an adblocker style sheet, but I want to see an end to this. Kids shouldn't be used to propagate malwarez and if I was a band over at MySpace I'd be plenty ticked off about this, too.

Re:MySpace's Response Was To..

...quickly upgrade all flash ads and video to Flash9 this morning. I was just prompted to upgrade to Flash9 (I don't really keep on top of Flash updates) an hour or so ago.

Actually, that's been going on since last week, to resolve another issue where people were getting their pages overwritten by a different exploit.

I hesitate to call it a malicious exploit, considering the shit it's overwriting.

agrhh..

[stachu+trawki]

What pisses me off is that the company which created this ad is not being punished (at least it seems so). Ordinary people are raided, have their property literalily stolen for breaking into servers (which is right) or sharing hashes of some copyrighted material (which, at least in the cast of The Pirates Bay, *wasn't* illegal).
Now some company breaks into a million computers (using whatever means) and even though they make a lot more damage pretty much nothing happens to is. [Hint: you may also try substituting "Sony" for "some company".]
In Poland we have a law that states something like (IANAL) "accessing or modifying information stored on a computer system without authorization is illegal". I bet it's similar in most highly developed countries.
IMO, if anyone, the company who created this ad and Sony (for their rootkit) should have their servers raided and execs(?) arrested/prisoned.*)

On the other hand, it's amazing how powerful some governments are when a small company (often only allegedly!) doesn't pay all the taxes it "should" - often leading them to bankrupcy..**)

*) I know I'm talking about different countries, different jurisdictions, there's that damned "lobby", etc.. But from a common sense point of view that's exactly how things are.
**) There have been a couple of well known cases of this kind in Poland. But I'm guessing that althougt this country is a WTF on it's own, it's not alone when it comes to this sort of things.

Re:Virus/adware-spreading ads

[Sarisar]

Never had a problem, using Privoxy to stop shit like that. I even have turned OFF the popup blocker in opera / firefox / swiftfox / whatever else I'm using because privoxy gets 99% of them. Any it doesn't I just amend the rules to add it in.

Then again I set it to block almost everything by default.