Slashdot Mirror

← Back to Stories (view on slashdot.org)

Banner Ad on Myspace Serves Adware to 1 Million

Posted by ryuzaki0 on from the have-some-pop-ups dept.

An anonymous reader writes "Washingtonpost.com's Security Fix blog reports that a banner ad running on MySpace.com and other Web sites used a Windows security flaw to push adware and spyware out to more than one million computer users this week. The attack leveraged the Windows Metafile (WMF) exploit to install programs in the PurityScan/ClickSpring family of adware, which bombards the user with pop-up ads and tracks their Web usage."

15 of 390 comments (clear)

  1. Excellent. by Anonymous Coward · · Score: 5, Funny

    Darwinism works!

  2. Prosecute virus creating companies. by Facekhan · · Score: 5, Interesting

    And they wonder why consumers want to block all ads. Its because of illegal virus ads like this. If they prosecuted spyware companies the way they do with other virus creators we would not have as much of a problem with people setting up shop as if this is a legitimate business and then hijacking people's computers for profit and waiting for enough complaints to pile up that maybe the state attempts an enforcement action which at worst closes the company and more likely a few small fines and promises to behave in the future. Either way the owners of these companies never serve a day in prison for releasing their viruses.

    1. Re:Prosecute virus creating companies. by Ethan+Allison · · Score: 5, Funny

      People on non-Windows platforms are generally not the targets of ads, as indicated by XP-styled "message box" banners.

      --
      I make websites and stuff. Buy one.
    2. Re:Prosecute virus creating companies. by tehshen · · Score: 5, Insightful

      Who can take a company/site serious when they are (through their ads) trying to outright scam their customers?

      This works for the same reason that spam works - it's cheap to do, and only a few stupid people need to click on the ads for them to be making money again.

      --
      Guy asked me for a quarter for a cup of coffee. So I bit him.
    3. Re:Prosecute virus creating companies. by Bogtha · · Score: 5, Insightful

      I have to disagree with both of you. People block ads not because of risk, not because they take up too much bandwidth and processor power, but because they take up too much attention. People want to pay attention to the real content, not wade through fake distracting crap that wants to sell them something.

      --
      Bogtha Bogtha Bogtha
  3. I love how the submission links the comments by Neoncow · · Score: 5, Insightful

    This way we don't even have to read the article if we want to! We can just comment about the comments of the article. =D

  4. This comes right after a Flash hack by ben+there... · · Score: 5, Interesting
    Tom (the site's...er, spokesperson) left this message in everyone's Inbox on the 17th:

    Latest Update: 05:15PM PST, Monday, July 17th.
    hey folks - we are moving myspace music players and video players to flash 9.0. flash 9 has security fixes so that people can't mess with you on myspace. if your 'about me' got screwed up this weekend, you could have been safe if you had flash 9 installed. here's an easy way to install it, go watch this dashboard video i posted last week. if you don't like dashboard, just watch any video in our video section, and you'll be prompted to install flash 9.

    His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.
  5. Re:First time? by hendridm · · Score: 5, Funny
    Makes me question myspace, you'd think they have people watching for these sorts of attacks.

    Hah, that's like finding a loaded diaper in a garbage dump and then complaining about the level of sanitation.

  6. All your Myspace are belong to us? by davidwr · · Score: 5, Funny

    "It's called My Space not Your space for a reason."
        -MySpace Vice President In Charge Of Revenue Generation

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Just update by bigtimepie · · Score: 5, Funny
    From the article:
    Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF
    What is clear from this attack is that there are plenty of people who still haven't installed this security update from Microsoft.
    If your OS puts out a security fix, it's probably for a reason. This could have been avoided for everyone just by keeping up-to-date.
  8. DNS Ad-blocking by computergeek1200 · · Score: 5, Informative

    My solution to solve this problem is to block the domains of the servers that host these ads such as (pagead2.googlesyndication.com) by using a dns server. This is better than firefox ad-blocking or most other systems. This system prevents any connection to the advertising server. I have a dns server for ad-blocking that is publicly avaiable at 68.147.32.114.

    Click here to see if you configured your dns properly.
    1. Re:DNS Ad-blocking by Anonymous Coward · · Score: 5, Informative

      Using a public DNS server requires a fair amount of trust. I'd rather have just a list of hosts to block, which are widely available and much less of a security risk.

  9. Virus/adware-spreading ads by john_prog · · Score: 5, Informative

    Ads can be a growing security risk in the future. I'd like to ban all ads at work, but I can't do that since IE6 is the only allowed browser here and no extra software is allowed to be installed. Once I surfed to Dilbert website for comics that I thought would be safe, but Errorsafe malware tried to install itself to my machine (by ActiveX component in an ad). See http://koti.mbnet.fi/jnyman/dilbert.html screen capture here (the dialogue text is in Finnish, but the bottom line asks "Do you want to install Errorsafe program to your computer to check your computer for free (recommended)?". I complained about this to Dilbert website's webmaster and to Scott Adams and they replied that they're looking at the problem, but after that nothing. Haven't visited Dilbert website since at work. Hope this is not a growing trend.

    1. Re:Virus/adware-spreading ads by SCPRedMage · · Score: 5, Insightful

      In your case, the problem wasn't with the Dilbert website, and in the parent article, it wasn't a problem with myspace, either.

      The problem is with the ad-serving companies that these websites use. Either they're less-than-trustworthy, and are directly responsible for the exploits being used, or they sub-contract out, and don't care enough to keep an eye on their "partners". Usually, notifying the webmaster of the offending site is enough to get them to have a "talk" with their advertisers to resolve the situation.

      Of course, you probably already know this, but it bears repeating as it's something that can be missed by people not familar with the subject.

      Please, won't someone think of the n00bs?

      --
      My sig can beat up your sig.
    2. Re:Virus/adware-spreading ads by Anonymous Coward · · Score: 5, Interesting

      I had dilbert.com as my home-page for years, but recently gave up on it in disgust. 9 times out of 10 Firefox would block anything upto 3 popups, and then they started to carry an extremly obnoxious popup that even Firefox couldn't block. I figure anyone being that anti-social doesn't want me around, so I left. If I were Scott Adams I'd be outraged by United Medias total dimwitedness, but I guess his Clue departed many years ago.