MySpace.com infects 10^6 users

Status
Not open for further replies.
D

DelJo63

July 20, 2006 (IDG News Service) -- More than 1 million users of MySpace.com and other Web sites may have been infected with adware spread by a banner advertisement, according to iDefense, a computer security group.

The advertisement, for a site called deckoutyourdeck.com, appeared in user profiles on MySpace, an online community with at least 70 million users, said Ken Dunham, director of the rapid response team at iDefense, which is owned by VeriSign Inc.

The ad exploits a problem in the way Microsoft Corp.'s Internet Explorer browser handles Windows Metafile (WMF) image files.

The browser vulnerability raised alarms in December after hackers distributed a specially crafted WMF image through e-mail, instant messaging links and Web sites. If the image was opened, it could allow a hacker to gain control over a victim's computer.

There are at least 600 Web sites that take advantage of the WMF vulnerability, Dunham said. Microsoft issued a patch for the problem in January, but many consumer computers may not have applied the patch, leaving them unprotected.
 
Just in case anyone is unsure if they are vulnerable - the patch is HERE

The quickfix is: Un-register Shimgvw.dll : Click Start,Run, type regsvr32 -u %windir%\system32\shimgvw.dll, and then click OK.
 
Status
Not open for further replies.
Back