MySpace ads for “Deck Out Your Deck” (DeckOutYourDeck.com) have become a vector for spyware, infecting millions of users with the PurityScan and ClickSpring spyware trojans. The spyware then contacts a Russian server based in Turkey and reports on the installation of the spyware, and floods the user’s machine with pop-up ads.
Discovered just yesterday, the trojan-infested DeckOutYourSpace.com ads have infected MySpace visitors by taking advantage of a known security hole in Internet Explorer related to how IE handles WMF (Windows Metafile) files.
Microsoft had released a patch for the WMF vulnerability earlier this year, but not everyone is as diligent about applying security patches and fixes as they should be (let’s hope you aren’t one of them!)
MySpace, while decrying the DeckOutYourDeck.com infestation as criminal, has put the responsibility squarely on the victims. Said MySpace’s security officer, Hemanshu Nigam:
“This is a criminal act. This ad is being delivered by ad networks who distribute these ads to over a thousand sites across the Internet in addition to ours. We are working to have these ad networks remove this ad so that they do not appear on our site. At the same time we strongly urge all Internet users to follow basic Internet security practices such as running the latest version of the Windows operating system, installing the latest Windows security patches, and running the latest anti-spyware and anti-adware software. If users have applied the simple patch available from Microsoft.com, they will not be vulnerable to this criminal act.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
In otherwords, even though our system was infected and is the vector for this trojan spyware, if you had patched, you wouldn’t have been affected.
Good advice, or blaming the victim?
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
There is something Every One of us can do to help fight this spam issue! Sign up for your Free Knujon.com account. These people collect spam & junk email and send an opt out request to the sender. They have Shutdown several Thousand at last count junk & spam emailers web sites. Lets face it, lets All pull together and fight spam, its not going away until everybody does their part. There is Strength In Numbers
It’s like a person who does not follow a Doctor’s perscription to take three tablets of antibiotics every day. The person doesn’t follow the doctor’s advice and then says it’s the doctor’s fault.
I believe that this is another case of where STUPIDITY IS IT’S OWN REWARD.
Some people are either to lazy to do the right thing and too quick to blame someone else for their own mistakes.
I belive it is the users fault also. However I worry about the legit ads and sites trying to “stay afloat” with the income they receive when ads are clicked. Many great freeware projects could lose out.
Good advice — and completely true. It’s asinine to blame MySpace: they’re only one of thousands of sites running the same ad. The bottom line is, it’s foolish to surf without protection. Blaming someone else for your own idiocy isn’t reasonable.
I agree. If you don’t patch your system and still click on ads, you deserve what you get. Maybe you’ll learn next time.
I fully agree with them, and the person who was first to comment.
Good advice. It’s amazing, these “malware” programs are released. The companies spend time and money to create patches, make automatic download of the patches, and STILL people won’t apply them! I can understand some corporate systems being cautious (they usually have other protective programs anyway), but not many companys use “MySpace”. Why people won’t apply the patches is beyond me!