MySpace banner ad infects millions of Windows users with spyware

By Derek Sooman on July 23, 2006, 4:29 AM
Millions of visitors to popular (as well as a number of other websites) may have been infected with spyware, according to security firm iDefense. iDefense claims that the spyware infects unpatched versions of Windows using a security flaw in the way the operating system and Microsoft Internet Explorer open Windows Metafile images.

A banner for loads a Trojan horse program onto unpatched systems. The installed spyware tracks the user's Internet usage and causes the infected system to be plagued with pop-up ads.

"This is a criminal act," said Hemanshu Nigam, chief security office at MySpace, in a statement. "This ad is being delivered by ad networks who distribute these ads to over a thousand sites across the Internet in addition to ours. We are working to have these ad networks remove this ad so that they do not appear on our site."
Ralph Thomas, a senior analyst for iDefense, feels that MySpace should have done more to prevent this. He claims that even though they are not the originator of content, the malware was delivered through their page so it was their responsibility.

"MySpace has some problems and this is a real blunder on their part," said Rob Ayoub, an analyst at the research firm Frost & Sullivan. "I can't believe any business would not scan or take more caution with banner ads posted on their sites. Ad network or not, there is no excuse for them not having a checking system."

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.