iDefense Security Company Warns Over One Million MySpace.com Users Infected with Dangerous Adware
According to Ken Dunham, an expert at iDefense, the adware in question has primarily been distributed through an advertisement for the website deckoutyourdeck.com, which appears on the account management page of MySpace.
This adware exploits a security vulnerability in how Internet Explorer handles Windows Metafile (WMF) image files.
The WMF vulnerability was first reported in December 2005, after hackers distributed a malicious WMF image via email, instant messaging, and websites. If users open that WMF file, the embedded malicious code could allow hackers to gain control over the user’s system. To date, a total of 600 websites have targeted this WMF security vulnerability, Dunham stated.
In January of this year, Microsoft released a patch to fix the WMF security flaw. Unfortunately, many computer systems have not yet installed the updates, leaving them completely open to hackers.
This is why systems that have not installed the patch have become the easiest targets for attacks. Simply visiting a website containing a banner ad from deckoutyourdeck.com can immediately infect these systems with a Trojan. Systems that have installed the patch will receive a warning about a file named “exp.wmf” being downloaded, according to Dunham.
Once the aforementioned Trojan is activated, it will connect the infected system to a series of other websites to download a multitude of other malicious software, including the PurityScan adware. This software continuously pops up ads on the screen while recording all online activities of the user.
PurityScan adware is notoriously difficult to remove, requiring technical expertise.
iDefense estimates that approximately 1.07 million computers have been infected with this malicious software and warns users to quickly install security updates and enhance their security software.
Hoàng Dũng
