Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Spotify Ad Slipped Malware Onto PCs and Macs (techhive.com)

Posted by EditorDavid on from the Now-Playing dept.

An anonymous Slashdot reader quotes TechHive: Spotify's ads crossed from nuisance over to outright nasty this week, after the music service's advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online...the ads directed users' browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software.
It didn't last long -- Spotify quickly posted that they'd identified "the source of the problem." And they're not the only company dealing with hidden malware in ads, since the same thing has happened to both Google and Yahoo.

8 of 96 comments (clear)

  1. How difficult can it be by Anonymous Coward · · Score: 5, Insightful

    to have as a policy and requirement, that adverts only come as still images, or movie sequences? Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

    1. Re: How difficult can it be by Anonymous Coward · · Score: 2, Insightful

      Oh yeah, blame the victim. I'm not even old but I remember the dot com boom and bust. The real reason we have this monstrosity is because the internet changed from hobby to business. What was supposed to be an information sharing network became a huge advertising platform. We have nothing to blame but corporate greed.

  2. Ads are bad by Anonymous Coward · · Score: 2, Insightful

    Ads are malware

  3. Shashdot has had this as well. by stfvon007 · · Score: 5, Insightful

    I have had something similar happen a couple times on slashdot - an ad redirects the whole page to a scam "You won a free apple laptop" page that tries to trick you into downloading malware. (for those who say it was a virus on the PC not slashdot, one of these times was on a fresh install of linux) This is why I have adblocker software and why slashdot is NOT whitelisted anymore. (Hint to slashdot's owners, Adopt the policy of the first poster and I may whitelist you again)

    --
    All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
  4. Yet another reason why Adblocking and Scriptblocki by Dr.+Crash · · Score: 4, Insightful

    Yet another reason why adblockers and scriptblockers are essential.

    Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.

    Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.

  5. Enough of the IAB, ad networks and bad websites by StandardCell · · Score: 4, Insightful

    It is beyond unacceptable that:

    * Ad networks continue to be a vector for device infections both directly and indirectly
    * Ad networks track and profile users across websites without their consent
    * Websites use pop-over scripts to interrupt the viewing experience
    * Ad scripts and other ads use deceptive means to generate accidental clicks/taps
    * Websites redirect users unwittingly to app stores, particularly when said apps have nothing to do with the website content

    While I sympathize with website owners trying to monetize their content, they have left users with no choice but to block ads indiscriminately. The mobile browsing experience is particularly out of control now and shows what utter contempt or incompetence websites have regarding their user experience.

    The IAB and ad networks are complicit in allowing this situation to persist, yet focus all of their attention on trying to prevent ad blocking through technical and legal means rather than actually enforcing some standards of non-obtrusive advertising that doesn't threaten to direct you to some scummy malware site with a zero-day.

    Maybe it will take a few lawsuits, or boycotts, or just an overall drop in revenue for these deluded parties to stop this nonsense once and for all. Maybe it will be something else. Until the economics of serving and designing ads is tied to a positive UX, there will be an endless technological war to protect users from malicious ads.

  6. Ad networks ARE infection vectors. by Anonymous Coward · · Score: 2, Insightful

    Ad networks ARE infection vectors.

    Stop blaming the goddamned users, it's the AD NETWORK that infected everyone.

  7. This will keep happening until someone is sued. by Leslie43 · · Score: 3, Insightful

    I'm amazed no big company has stepped up to do it yet, how much are companies spending fighting all of these?

    Microsoft only stepped up it's game to stop the fake updates when they wanted to display ads in the OS, which tells you exactly how much these companies really care about it, so long as it's not truly effecting their bottom line or putting them at risk of being sued they won't bother. There's a reason ads have such a bad reputation and it's one that's well deserved.

    Besides adblockers, switch your dns to OpenDNS, they block most ad networks so your blocker has less to do.