[ news_security_news ]
Another MySpace-Related Security Problem
Doug Caverly
Staff Writer
2006-07-20
 Security News RSS Feed
A new security issue has arisen with MySpace, the popular social networking site. This spyware is the latest in a string of MySpace-related problems. There's good news, though - if run Windows, and if you've bothered to update it since January, you should be safe from this threat.
Brian Krebs, in an article for the Washington Post, described how the spyware was discovered. "Michael La Pilla, an iDefense ‘malcode' analyst, said he first spotted the attack Sunday while browsing MySpace on a Linux-based machine," Krebs wrote. "When he browsed a page headed with an ad for DeckOutYourDeck.com, his browser asked him whether he wanted to open a file called exp.wmf."
Until Microsoft released a patch in January to address the issue, there was "a serious security flaw in the way Windows renders WMF (Windows Metafile) images, and online criminal groups have been using the flaw to install adware, keystroke loggers and all manner of invasive software for the past seven months," Krebs wrote. Which was exactly the fate that almost befell Michael La Pilla.
The spyware found in the MySpace banner ad was (fittingly enough) adware, ready to be ushered onto home computers by a Trojan horse. La Pilla traced the program back to a server in Turkey, and also discovered how many computers it had infected: over one million.
It might be debatable just how much safety people can really expect when they allow their security updates to be six months out of date. But it's still best to be aware of this sort of thing. And on that note - La Pilla "also spotted the ad trying to serve up adware on Webshots.com."
Add to | DiggThis | Yahoo! My Web
Technorati: Myspace, Spyware
About the Author:
Doug is a staff writer for SecurityProNews. InternetFinancialNews, SearchNewz, and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
