Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Spotify Ad Slipped Malware Onto PCs and Macs (techhive.com)

Posted by EditorDavid on from the Now-Playing dept.

An anonymous Slashdot reader quotes TechHive: Spotify's ads crossed from nuisance over to outright nasty this week, after the music service's advertising started serving up malware to users on Wednesday. The malware was able to automatically launch browser tabs on Windows and Mac PCs, according to complaints that surfaced online...the ads directed users' browsers to other malware-containing sites in the hopes that someone would be duped into downloading more malicious software.
It didn't last long -- Spotify quickly posted that they'd identified "the source of the problem." And they're not the only company dealing with hidden malware in ads, since the same thing has happened to both Google and Yahoo.

7 of 96 comments (clear)

  1. How difficult can it be by Anonymous Coward · · Score: 5, Insightful

    to have as a policy and requirement, that adverts only come as still images, or movie sequences? Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

    1. Re:How difficult can it be by alvinrod · · Score: 4, Informative

      Why the f*ck would you allow actual 3rd party code to run inside your own software, to display an advert?

      Most savvy users wouldn't which is why they use some kind of ad blocker or no script plugin. Even if asa weren't vectors for malware infection, video ads and trackers tend to chew through bandwidth and batteries as well.

      If websites limited themselves to static images without the massive number of trackers, I'd be far more likely to turn off the blocker. But for whatever reason, advertisers pay websites more if they use the world's most annoying shit.

  2. Shashdot has had this as well. by stfvon007 · · Score: 5, Insightful

    I have had something similar happen a couple times on slashdot - an ad redirects the whole page to a scam "You won a free apple laptop" page that tries to trick you into downloading malware. (for those who say it was a virus on the PC not slashdot, one of these times was on a fresh install of linux) This is why I have adblocker software and why slashdot is NOT whitelisted anymore. (Hint to slashdot's owners, Adopt the policy of the first poster and I may whitelist you again)

    --
    All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
  3. Yet another reason why Adblocking and Scriptblocki by Dr.+Crash · · Score: 4, Insightful

    Yet another reason why adblockers and scriptblockers are essential.

    Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.

    Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.

  4. Enough of the IAB, ad networks and bad websites by StandardCell · · Score: 4, Insightful

    It is beyond unacceptable that:

    * Ad networks continue to be a vector for device infections both directly and indirectly
    * Ad networks track and profile users across websites without their consent
    * Websites use pop-over scripts to interrupt the viewing experience
    * Ad scripts and other ads use deceptive means to generate accidental clicks/taps
    * Websites redirect users unwittingly to app stores, particularly when said apps have nothing to do with the website content

    While I sympathize with website owners trying to monetize their content, they have left users with no choice but to block ads indiscriminately. The mobile browsing experience is particularly out of control now and shows what utter contempt or incompetence websites have regarding their user experience.

    The IAB and ad networks are complicit in allowing this situation to persist, yet focus all of their attention on trying to prevent ad blocking through technical and legal means rather than actually enforcing some standards of non-obtrusive advertising that doesn't threaten to direct you to some scummy malware site with a zero-day.

    Maybe it will take a few lawsuits, or boycotts, or just an overall drop in revenue for these deluded parties to stop this nonsense once and for all. Maybe it will be something else. Until the economics of serving and designing ads is tied to a positive UX, there will be an endless technological war to protect users from malicious ads.

  5. This will keep happening until someone is sued. by Leslie43 · · Score: 3, Insightful

    I'm amazed no big company has stepped up to do it yet, how much are companies spending fighting all of these?

    Microsoft only stepped up it's game to stop the fake updates when they wanted to display ads in the OS, which tells you exactly how much these companies really care about it, so long as it's not truly effecting their bottom line or putting them at risk of being sued they won't bother. There's a reason ads have such a bad reputation and it's one that's well deserved.

    Besides adblockers, switch your dns to OpenDNS, they block most ad networks so your blocker has less to do.

  6. And these idiots wonder why by Chas · · Score: 3, Interesting

    Seriously, the advertising industry wonders why we hate ads and ad delivery platforms so much.

    Because of shit like this.

    --


    Chas - The one, the only.
    THANK GOD!!!