Hacked Ad Seen on MySpace Served Spyware to a Million

Hacked Ad Seen on MySpace Served Spyware to a Million ^ | July 19, 2006 | Brian Krebs

[burzum]

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

[burzum]

If you haven't updated your computer in a while, you should make sure you perform a Windows Update to prevent this vulnerability from giving you spyware. I'm guessing that not many Freepers frequent MySpace often, but perhaps you have family members who do.

The WMF vulnerability was discovered in late December of 2005, and a patch was issued in January. But it is a very severe issue, and the fact that an advertising firm would intentionally use it in ads is criminal.

[youthgonewild]

Thank goodness I live in the 21st century and use Firefox

[A CA Guy]

I will do a scan, I caught the dog on Myspace the other day typing away.

[burzum]

Oops, can you change the source term of this thread to say "The Washington Post". Sorry for the inconvenience.

[LesbianThespianGymnasticMidget]

This is one time a class action works for me. MySpace and the advertiser. Make both of them hurt a lot.

[hotshu]

Bad Pooch! (Cute one though.)

[Global2010]

your best ever post Will U marryMe? I am aLab.

[A CA Guy]

He's four pounds of pure male doggie and would be up to the challenge I am sure.

[Crazieman]

Uh. Firefox is just as vulnerable to a lot of stuff.

My laptop picked up something nasty and I thought I was safe using Firefox.

Be on guard for anything, whatever you use.

[dayglored]

> This is one time a class action works for me. MySpace and the advertiser. Make both of them hurt a lot.

Huh? What about the foolish user who ignores massive warnings and doesn't use Automatic Updates or patch their system?

Let me put it this way:

1. A car manufacturer builds a car with an engine that requires oil for lubrication, and you buy the car from a car dealer who encourages you to drive around in it.

2. The manufacturer tells you in the manuals and in regular postings on the web, that you're supposed to check the oil regularly and keep it filled.

3. There are a huge number of news articles in the press you read daily that tell horror stories about what happens to people who don't check their oil regularly -- their engines sieze and blow up.

4. You (the buyer) ignore the manufacturer's warnings in the manual, and you ignore the regular postings on the net, and you ignore all the news articles.

5. One day, your oil runs out and your engine seizes up.

6. YOU INSTIGATE A CLASS ACTION AGAINST THE CAR DEALER??? OR AGAINST THE MANUFACTURER???

Sorry, that's freakin' lame. Anybody who hasn't patched their Windows systems in over 6 months has earned their viruses fair and square.

[CaliGangsta]

Firefox users weren't affected even if their Windows wasn't patched.

[Global2010]

: ]

[dayglored]

> Uh. Firefox is just as vulnerable to a lot of stuff.

The WMF vulnerability is in the operating system. It's not dependent on which browser you use.

I'm a big Firefox fan myself, but it's not a panacea when you run it on Windows. Windows is a swiss cheese for security.

Use Automatic Updates. Patch your systems. This was fixed 6 months ago.

It's unbelievable to me that people still ignore this. My mom just turned 82 last week, and SHE knows how to patch her own Windows system. C'mon folks.

[burzum]

Yes, Firefox was vulnerable to the WMF exploit, but not in the same way as IE. You had to explicitly execute the file, unlike IE.

In general, your browser will not protect you from your operating system's flaws. This is why if you use Windows, you need to make sure you perform the monthly updates, each and every month.

The good thing about Firefox is that it isn't the major target right now. Spyware or malware writers assume that IE users are an easier target and write their software accordingly.

[dayglored]

> Firefox users weren't affected even if their Windows wasn't patched.

Firefox is not a panacea. Most users aren't savvy enough to keep track of thousands of exploits and exactly which ones are specific to I.E. or Firefox.

The better observation is that an unpatched system is like having sex with every joker on Main Street. Your chances of catching something are nearly 100%, regardless of what browser you're using.

[BurbankKarl]

There are some good Republican forums on MySpace...

[JennysCool]

My laptop picked up something nasty and I thought I was safe using Firefox.

Don't be trolling those websites. You'll be fine.

[Nik Naym]

So you are saying it is OK to send out spyware and worms and trojans and such?

what you are saying is akin to saying that if you don't lock your car, a thief has a right to open it up and take your stuff out of it. After all, YOU didn't lock it, so you deserved to get robbed, right? And you have no legal right to demand action against the crook.

Same logic.

[HungarianGypsy]

Darling doggie! Looks like one who used to live in my neighborhood. That little dog would walk around like he was a big manly dog. Sadly, the neighbor's pit killed it in front of my driveway.

[oolatec]

No spyware for the Mac. ;)