MySpace banner infected a million people
More than a million computers were infected with malware through a banner that spun on MySpace and other sites.
The Hacker Banner has exploited a known Windows Metafile (WMF) vulnerability to install victims of the PurityScan / ClickSpring family of programs on the computer - these are adware programs that track user behavior and generate advertisements pop-ups, reports WashingtonPost with reference to security specialists from the company iDefense . They first noticed the incorrect behavior of the banner. This was discovered by chance when one of the employees wandered through the pages of the MySpace.com portal using a Linux browser. At some point, a system message popped up on his computer asking if he wanted to open a file called exp.wmf.
The expert immediately understood what was happening. Back in January 2006, Microsoft released a patch covering a serious hole in Windows related to the processing of WMF images. Since then, seven months already, hackers have been actively using exploits for this vulnerability. But such a massive infection is observed for the first time.
')
Users with Internet Explorer under Windows, when visiting a page with the ill-fated banner, did not receive any system message. Their computer was attacked without warning: first, a Trojan horse was downloaded, which, in turn, installed spyware on the computer of the PurityScan / ClickSpring family .
Information about the successful hacking was sent to the Russian-language website in Turkey, where the number of victims was counted. According to this site, 1.07 million computers were infected.
The Hacker Banner has exploited a known Windows Metafile (WMF) vulnerability to install victims of the PurityScan / ClickSpring family of programs on the computer - these are adware programs that track user behavior and generate advertisements pop-ups, reports WashingtonPost with reference to security specialists from the company iDefense . They first noticed the incorrect behavior of the banner. This was discovered by chance when one of the employees wandered through the pages of the MySpace.com portal using a Linux browser. At some point, a system message popped up on his computer asking if he wanted to open a file called exp.wmf.
The expert immediately understood what was happening. Back in January 2006, Microsoft released a patch covering a serious hole in Windows related to the processing of WMF images. Since then, seven months already, hackers have been actively using exploits for this vulnerability. But such a massive infection is observed for the first time.
')
Users with Internet Explorer under Windows, when visiting a page with the ill-fated banner, did not receive any system message. Their computer was attacked without warning: first, a Trojan horse was downloaded, which, in turn, installed spyware on the computer of the PurityScan / ClickSpring family .
Information about the successful hacking was sent to the Russian-language website in Turkey, where the number of victims was counted. According to this site, 1.07 million computers were infected.
Source: https://habr.com/ru/post/4192/
All Articles