Up to a million users of MySpace and other sites serving up an ad for patio furniture this month may have been infected with surreptitious adware.
Delivered by ad networks, a banner ad for DeckOutYourDeck.com that ran on MySpace and other sites earlier this month was rigged to install up to five adware programs on the computers of users browsing an unpatched version of Internet Explorer, reports PC Mag. When malware security analyst Michael La Pilla of VeriSign's iDefense reported the problem, MySpace had already taken down the ad and was attempting to find the culprits.
iDefense estimates that the adware was installed on 1.07 million computers and was served on MySpace, Webshots and possibly Facebook pages, reports CIO Today. La Pilla found that the install program initiated by the banner ad contacted a Russian-language web server in Turkey that tracks the PCs on which the program has been installed.
Microsoft users who had not installed a Microsoft patch related to Windows Metafile (WMF) image files were vulnerable. Those using Firefox version 1.5 or later were protected.
MySpace chief security officer Hemanshu Nigam said in a statement: "This is a criminal act. This ad is being delivered by ad networks who distribute these ads to over a thousand sites across the Internet in addition to ours. We are working to have these ad networks remove this ad so that they do not appear on our site. At the same time we strongly urge all Internet users to follow basic Internet security practices such as running the latest version of the Windows operating system, installing the latest Windows security patches, and running the latest anti-spyware and anti-adware software. If users have applied the simple patch available from Microsoft.com, they will not be vulnerable to this criminal act."