MySpace spreads worms and spyware

MySpace appears to be developing into a virus pool, which infects visitors just by calling up profiles and member pages - without any assistance from the user. MySpace is one of the largest social networking websites and already has around 100 million members, with more than 500,000 new members accessing the site every week.

According to Michael La Pilla, a malware analyst with the security business iDefense, over the last few weeks an online banner advertisement has attempted to infect visitors to MySpace.com with spyware. The attackers are clearly exploiting the vulnerability discovered early this year in the way Windows processes WMF images.

A patch from Microsoft has been available to fix this vulnerability since January. However, users who have not yet installed this patch had spyware from the PurityScan/ClickSpring family installed on their computers, which bombards the user with pop-up ads and tracks their web usage. A Turkish website recorded the number of successful infections. According to La Pilla, the data stored on the site showed that around one million computers had been infected. The banner advertisement came from deckoutyourdeck.com; however, the attackers' tracks then become lost in the web. You can check if your system is vulnerable to this attack with the WMF-Demo on the heisec Browsercheck.

At the start of this week, MySpace warned its members of infected user profile ("about me") pages, which could infect Windows PCs with worms, using a recently published vulnerability in Adobe's Macromedia Flash. The worm then alters the profile page and redirects visitors to a website containing political material.

See also:

• Hacked Ad Seen on MySpace Served Spyware to a Million, Washington Post security blog
• MySpace Attacked by Flash Worm, Washington Post security blog

(ju)