"Those who fell victim were bombarded with pop-up adverts and had their net browsing habits monitored by the malicious software.
Reports suggest the advert has been running on MySpace for about a week.
The discovery of the rogue advert is only the latest in a series of security problems MySpace has suffered.
Security lapse
Only those who use MySpace via Microsoft's Internet Explorer browser and have not patched - or fixed - that program against the so-called Windows MetaFile (WMF) bug are vulnerable to the rogue advert.
The WMF bug was discovered in January 2006 and Microsoft produced a downloadable fix for it soon after. However, not all Windows users will have installed the patch and many people are likely to be vulnerable.
US computer security firm iDefense discovered the dangerous banner advert that has been seen on many MySpace pages. The code hidden in the advert exploits the WMF bug which preys on a weakness in the way Windows handles images.
On an unpatched browser the dangerous advert silently installs programs that pipe pop-up adverts to users and watches what they do online.
Digital detective work by iDefense and reported by the Washington Post uncovered computer servers which logged how many times the adware was installed.
read the rest here at bbc news
This is pretty scary if you ask me. I have a Myspace account, but I've never had spyware installed from it. I will either close the account or examine this closer with it. Just giving you guys a heads up on this.
No comments:
Post a Comment