flowerpot Posted July 24, 2006 Share Posted July 24, 2006 An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company. Michael La Pilla, an iDefense "malcode" analyst, said he first spotted the attack Sunday while browsing MySpace on a Linux-based machine. When he browsed a page headed with an ad for DeckOutYourDeck.com, his browser asked him whether he wanted to open a file called exp.wmf. Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF (Windows Metafile) images, and online criminal groups have been using the flaw to install adware, keystroke loggers and all manner of invasive software for the past seven months. Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware. This stuff bombards the user with pop-up ads and tracks their Web usage.Ouch. Quote Link to comment Share on other sites More sharing options...
Guest sirchickski Posted July 24, 2006 Share Posted July 24, 2006 On myspace it says they just had a power shortage :s when did that happen? Quote Link to comment Share on other sites More sharing options...
Steve Posted July 24, 2006 Share Posted July 24, 2006 MySpace has been infecting computers via spyware for ages. They don't give a fuck either. Quote Link to comment Share on other sites More sharing options...
Matt Posted July 24, 2006 Share Posted July 24, 2006 so did u have to click it to get done? Quote Link to comment Share on other sites More sharing options...
Steve Posted July 24, 2006 Share Posted July 24, 2006 If you're using XP and you don't update it, then no action is required on your part to become infected. That WMF exploit fucked up so many people that for the first time ever, Microsoft recommended a third party patch until their own was done. It was patched several months ago. Quote Link to comment Share on other sites More sharing options...
flowerpot Posted July 24, 2006 Author Share Posted July 24, 2006 Yep,just thought to make others aware,patch your Winblowze. Quote Link to comment Share on other sites More sharing options...
Steve Posted July 24, 2006 Share Posted July 24, 2006 http://www.benedelman.org/spyware/images/180-022006.wmv Quote Link to comment Share on other sites More sharing options...
monophonic Posted July 24, 2006 Share Posted July 24, 2006 damn, i was just wondering why my browser freezes as soon as i go there.. Quote Link to comment Share on other sites More sharing options...
Guest sirchickski Posted July 24, 2006 Share Posted July 24, 2006 thats odd cos i aint updated cos im on a "non genuine windows" and i aint been infected by anything.. although im using firefox which doesnt allow just things to download without me being informed first. Altho saying that you all know what my desktop is like. Its indestructable hehe Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.