Hacked Ad Seen on MySpace Served Spyware to a Million

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

Michael La Pilla, an iDefense "malcode" analyst, said he first spotted the attack Sunday while browsing MySpace on a Linux-based machine. When he browsed a page headed with an ad for DeckOutYourDeck.com, his browser asked him whether he wanted to open a file called exp.wmf. Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF (Windows Metafile) images, and online criminal groups have been using the flaw to install adware, keystroke loggers and all manner of invasive software for the past seven months.


The Deckoutyourdeck ad launching the WMF exploit. (Courtesy of Michael La Pilla)

Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware. This stuff bombards the user with pop-up ads and tracks their Web usage. Only a little more than half of the anti-virus programs used at anti-virus testing service AV-Test.org flagged the various programs that the Trojan tried to download as malicious or suspicious.
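As an added example (not from the original post or from iDefense), here is a content-based check a web or mail gateway could run on anything served as an image, whatever its name or declared type. It walks the WMF header and record stream as laid out in Microsoft's published format and flags Escape records that request SETABORTPROC, the record type the WMF exploits of this period relied on. The function names and sample bytes are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # optional 22-byte "placeable" pre-header
META_EOF = 0x0000            # record function: end of metafile
META_ESCAPE = 0x0626         # record function: Escape
SETABORTPROC = 0x0009        # escape function that registers a callback


def inspect_wmf(data):
    """Return a summary dict if data parses as a WMF, otherwise None."""
    off = 0
    placeable = (len(data) >= 4 and
                 struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY)
    if placeable:
        off = 22
    if len(data) < off + 18:
        return None
    # META_HEADER: Type, HeaderSize (in 16-bit words), Version, ...
    mtype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if mtype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return None
    off += 18

    info = {"placeable": placeable, "records": 0, "escapes": [],
            "suspicious": False, "malformed": False}
    saw_eof = False
    while off + 6 <= len(data):
        # Every record starts with its size in words and a function number.
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:          # a record is never shorter than 3 words
            break
        info["records"] += 1
        if func == META_EOF:
            saw_eof = True
            break
        if func == META_ESCAPE and off + 8 <= len(data):
            esc = struct.unpack_from("<H", data, off + 6)[0]
            info["escapes"].append(esc)
            if esc == SETABORTPROC:
                info["suspicious"] = True
        off += size_words * 2
    info["malformed"] = not saw_eof   # stream ended without an EOF record
    return info


def verdict(data):
    """Gateway decision based on content only, never on filename."""
    info = inspect_wmf(data)
    if info is None:
        return "not-wmf"
    if info["suspicious"]:
        return "block: SETABORTPROC escape record"
    if info["malformed"]:
        return "quarantine: malformed record stream"
    return "wmf: no flagged records"


def build_sample(with_escape, placeable=False):
    """Constructed test input. The escape payload is four zero bytes (inert)."""
    records = [struct.pack("<IHH", 4, 0x0102, 1)]          # harmless drawing-state record
    if with_escape:
        records.append(struct.pack("<IHHH", 7, META_ESCAPE, SETABORTPROC, 4)
                       + b"\x00" * 4)
    records.append(struct.pack("<IH", 3, META_EOF))
    body = b"".join(records)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2,
                         0, max(len(r) for r in records) // 2, 0)
    pre = b""
    if placeable:
        pre = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
    return pre + header + body


if __name__ == "__main__":
    samples = {
        "banner.gif (really a GIF)": b"GIF89a" + b"\x00" * 30,
        "chart.wmf (constructed, benign)": build_sample(False),
        "exp.wmf (constructed, flagged)": build_sample(True, placeable=True),
    }
    for name, blob in samples.items():
        print(f"{name}: {verdict(blob)}")
```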


Pop-up ads generated by ClickSpring adware. (Courtesy of Michael La Pilla)

Using software that captures and analyzes Web traffic, La Pilla found that the installation program contacted a Russian-language Web server in Turkey that tracks how many times the program was installed, presumably because most of this adware is installed by third parties who get paid for each installation. The data there indicate that the adware was installed on 1.07 million computers, La Pilla said, adding that all seven of the Internet addresses contacted by the downloader Trojan appear to be inactive at this time.


The Turkish Web site that counts installations. (Courtesy of Michael La Pilla)

La Pilla said he also spotted the ad trying to serve up adware on Webshots.com, a popular photo-sharing site. It's not clear when this particular campaign started, he said, but an anonymous user at the invaluable CastleCops security forum posted information about a similar attack spotted on MySpace on July 12. Users at this online gaming forum apparently spotted the same WMF exploit being served via the DeckOutYourDeck ad as early as July 8.

A WHOIS database search for Deckoutyourdeck.com listed a fax machine as a contact phone number, but also contained an e-mail contact at RedTurtleInvestments.com. A WHOIS search on that domain turned up an address at Springfusion.com, which appears to be a fairly new online-affiliate marketing company. Springfusion.com is registered to a guy in Seattle, who -- when I contacted him via e-mail -- replied that he was not connected with any of the sites I looked up.


Springfusion.com's home page.

What is clear from this attack is that there are plenty of people who still haven't installed this security update from Microsoft. It's also fairly obvious that scammers and online criminals are targeting high-traffic Web sites. Alexa currently rates MySpace as the sixth most-visited site on the Web (Webshots.com earned a distant 137th most-visited ranking).

I left a message with Webshots and with MySpace's media hotline, and will update this post if I hear anything from either of them.

Update, 2:50 p.m. ET: A Webshots vice president called back to say the company didn't have any information on the attack, but that it was investigating. Also, I changed the text above to reflect a clarification from La Pilla, who said while the counter page was written in Russian, the site itself is hosted in Turkey.

Update, July 20, 6:21 p.m. ET: Hemanshu Nigam, Myspace.com's chief security officer, issued the following statement in response to these attacks:

"This is a criminal act. This ad is being delivered by ad networks who distribute these ads to over a thousand sites across the Internet in addition to ours. We are working to have these ad networks remove this ad so that they do not appear on our site. At the same time we strongly urge all Internet users to follow basic Internet security practices such as running the latest version of the Windows operating system, installing the latest Windows security patches, and running the latest anti-spyware and anti-adware software. If users have applied the simple patch available from Microsoft.com, they will not be vulnerable to this criminal act."

By Brian Krebs  |  July 19, 2006; 12:37 PM ET
Categories:  Latest Warnings  

Comments

Why isn't MySpace doing something to protect its users? The site is contracting with another company to serve the ads, why not write language into the contract requiring the ad companies to pay penalties when they serve advertisements like this? You should ask this of MySpace, Brian.

This just adds more reason for people to keep their machines updated. There is going to come a day when software companies are held liable for the craptastic software they produce and I can't wait for it to happen.

Posted by: Troy | July 19, 2006 3:12 PM | Report abuse

Incorrect link on "Alexa currently rates MySpace".

Posted by: WHH | July 19, 2006 4:16 PM | Report abuse

Would a computer be vulnerable to this spyware if the user was surfing the web using Firefox instead of IE?

Posted by: Anonymous | July 19, 2006 4:33 PM | Report abuse

Wow. The "Pedophile Community" must be devastated.

As I understand it --(often "Famous Last Words")-- WMF files are an end-around ActiveX controls, a catchy name for the same tune. It would seem Firefox defaults would be safe.

Posted by: GTexas | July 19, 2006 5:00 PM | Report abuse

Wow. The "Pedophile Community" must be devastated.

As I understand it --(often "Famous Last Words")-- WMF files are an end-around ActiveX controls, a catchy name for the same tune. It would seem Firefox defaults would be safe.

Posted by: GTexas | July 19, 2006 5:06 PM | Report abuse

Yes, still vulnerable -- but Firefox presents a dialog box asking you whether to download 'exp.wmf' or not. IE will silently save/run the code.

Posted by: FFX | July 19, 2006 5:08 PM | Report abuse

Why is the Texas-guy flaming the comments box? Go watch dateline or something.

Score one for Firefox. The most intricate spyware/exploits won't work if you can't even download it.

Posted by: Drew | July 19, 2006 5:16 PM | Report abuse

Troy -- Myspace, like most other big commercial sites on the Internet -- relies on third-party banner ad producers to produce content for them that cycles through on a regular basis. If those companies fail to check whether a banner ad has been tainted or contains malcode, well, then that company exposes its customers to risk. It's probably not realistic to expect Myspace or Websense to be able to comb through each banner that runs on its site (some of these larger sites have hundreds of banners that run from third-party sites).

Websense uses several different companies to produce these banner ads, so they're still in the process of figuring out which of their providers may have let this one through.

Posted by: Bk | July 19, 2006 5:17 PM | Report abuse

And once again us Mac users can sit back and laugh as Windows gets bombarded with viruses due to stupidly simple holes in the OS.

Why do companies blame users for not "keeping updated" when it's the companies' fault for not writing the software properly in the first place?

Every time a security hole is found and exploited in an OS the maker should face steep fines. I don't care if it was patched 3 months ago silently, it shouldn't have been there in the first place!

Posted by: Tomis | July 19, 2006 5:17 PM | Report abuse

Great article - but what's the solution? How does one go about finding out if the trojan horse has been downloaded to their machine? What should someone do if it has?

Posted by: zpants | July 19, 2006 5:18 PM | Report abuse

This is absolutely hilarious. I wonder if more people got AIDS or this from Myspace?

Posted by: bvllets | July 19, 2006 5:20 PM | Report abuse

While firefox may not completely protect a user from the WMF flaw, any operating system other than Microsoft Windows will. ;-)

Posted by: Just_Noticed | July 19, 2006 5:20 PM | Report abuse

This trojan must have been created by the secret Hezbollah homosexual nazi sub-committee of Niagaras. I heard they are getting into internet terrorism.

Thoughts?

Posted by: yadings | July 19, 2006 5:26 PM | Report abuse

I love my mac more and more every day...

Posted by: narey | July 19, 2006 5:28 PM | Report abuse

The best security feature ever implemented by apple, was pricing them so that they'd keep a small userbase, and no one would bother attacking it.

Posted by: lawl | July 19, 2006 5:42 PM | Report abuse

No, the best security implementation by apple was to base their new OS on the freebsd code and basically use it for a backbone. You mac users should really thank the FreeBSD team, not apple, and the FreeBSD team lays thanks to linux, and linux lays thanks to the AT&T labs who created Unix. So really, thank AT&T. Wow, did I really arrive at that point?

Posted by: ed | July 19, 2006 6:28 PM | Report abuse

True, the mac put a hurt on my wallet while I paid it off, but it's been 4 years without a hitch, and I figure I could probably milk it for another 4. Also I use it for work, so I guess I have an excuse. Definitely not a computer for the masses. Good point, lawl.

Posted by: narey | July 19, 2006 6:34 PM | Report abuse

Life's too short. Get a Mac.

http://www.apple.com/getamac/viruses.html

Posted by: Obvious Answer | July 19, 2006 6:49 PM | Report abuse

Nevermind a Mac! Thank god for my free Linux install! Go Ubuntu!

Honestly, I saw this on Digg, and had to laugh.

Suckers.

Posted by: Jeremy | July 19, 2006 7:04 PM | Report abuse

Although I love both mac and pc, to think that it's simply that windows sucks does miss the point.

If you were a virus writer would you really bother making something for a 4% market share (mac) or a 90% share (windows)....

Posted by: Dont believe the hype | July 19, 2006 7:17 PM | Report abuse

Perhaps My Space and other popular destinations could put warnings on their Homepages - with Links to a more Detailed HOWTO & Video - about changing the Security Settings of a PC to prevent such attacks - even if someone does NOT know how to do it, they probably have techie friends who do.

Posted by: Search-Engines-Web.com | July 19, 2006 9:01 PM | Report abuse

I'm kinda sick of hearing how Mac's are so great when it comes to being seemingly impervious to viruses... Don't get me wrong, Mac's are better _now_, BUT as soon as they capture more desktop market-share, viruses will be written for them more frequently. Same goes for Linux, BSD, Solaris, etc.

Posted by: d1verse | July 19, 2006 9:07 PM | Report abuse

It's not the popularity of the OS so much as it's the security holes in Windows FROM RUNNING AS ADMIN BY DEFAULT.

Posted by: Brian | July 19, 2006 10:22 PM | Report abuse

I did get slammed with this and I have LavaSoft as the security program. I can't get rid of all the popups. Does anyone have any suggestions as to a solution? Thanks

Posted by: Anonymous | July 20, 2006 12:17 AM | Report abuse

MAC's vs Pc's... hmmm. You have to admit that market share does play a factor in writing viruses. So with that argument... why is it so hard to install a simple update once a month? I have had my pc for 8 years--- EIGHT YEARS! Same components (mostly), upgraded to 3 OS's. Never had a virus and only had one piece of spyware. I'm not bragging. I just feel bad for people who still argue the virus free MAC theory. Sure, if I had $2000 to get a MAC it may tempt me. Until then, I will stay with my PC and spend $200 every 3 years for the upgrade.

Question- is every MAC user a Democrat? Love to complain but have no answers :-)

Posted by: Mojo | July 20, 2006 12:21 AM | Report abuse

The truly amusing thing about Firefox's immunity to the exploit is the fact that it's due to a bug in Firefox (a typo, actually) which incorrectly characterizes WMF files.

Meedless to say, Firefox's developers have not rushed out a fix for that "bug."

Posted by: Ray Radlein | July 20, 2006 1:04 AM | Report abuse

Yes, it would seem that most Mac users are, in fact, Dems.

Look at their new ad campaign. It looks like Jimmy Fallon vs. Paul Allen.

Coincidence? Not bloody likely.

Lastly, if you're on MySpace and over the age of 20, your computer deserves a virus.

Posted by: Barry | July 20, 2006 1:22 AM | Report abuse

Brian, your solution is to upgrade. I suggest Firefox and Linux. Good luck.

Posted by: Greg | July 20, 2006 1:29 AM | Report abuse

Has anyone ever thought how tempting the Mac must be to the dark side of the hacker community? Even though it has 4% of the market share, it has a lot of security hype. What would it mean as a hacker to write the first *real* virus for Mac OS X? They would be the first to have broken in to something many have deemed as "unbreakable." If that's not a feather in their (black) hat, I don't know what is.

Posted by: Brent | July 20, 2006 1:30 AM | Report abuse

I gotta agree with you, Barry.
You got a good point there.

Posted by: random guy | July 20, 2006 1:36 AM | Report abuse

"No, the best security implementation by apple was to base their new OS on the freebsd code and basically use it for a backbone. You mac users should really thank the FreeBSD team, not apple, and the FreeBSD team lays thanks to linux, and linux lays thanks to the AT&T labs who created Unix. So really, thank AT&T. Wow, did I really arrive at that point?"

Excuse me? Are you saying FreeBSD is built on Linux?

From wikipedia:

"Initial development of FreeBSD started in 1993, taking its sources from 386BSD. However, due to concerns about the legality of all the sources used in 386BSD and a consequent lawsuit between Novell (then owner of the UNIX trademark) and Berkeley, FreeBSD ended up re-engineering much of the system with the FreeBSD 2.0 release in January of 1995 using the 4.4BSD-Lite release from the University of California, Berkeley. The FreeBSD Handbook includes more historical information about the genesis of FreeBSD."

Posted by: sean | July 20, 2006 1:43 AM | Report abuse

Those Winblows users are getting bombarded lol! appletosh rules

Posted by: Anonymous | July 20, 2006 2:03 AM | Report abuse

"MAC's vs Pc's... hmmm. You have to admit that market share does play a factor in writing viruses. So with that argument... why is it so hard to install a simple update once a month? I have had my pc for 8 years--- EIGHT YEARS! Same components (mostly), upgraded to 3 OS's. Never had a virus and only had one piece of spyware. I'm not bragging. I just feel bad for people who still argue the virus free MAC theory. Sure, if I had $2000 to get a MAC it may tempt me. Until then, I will stay with my PC and spend $200 every 3 years for the upgrade.

Question- is every MAC user a Democrat? Love to complain but have no answers :-)

Posted by: Mojo | July 20, 2006 12:21 AM

The truly amusing thing about Firefox's immunity to the exploit is the fact that it's due to a bug in Firefox (a typo, actually) which incorrectly characterizes WMF files.

Meedless to say, Firefox's developers have not rushed out a fix for that "bug."

Posted by: Ray Radlein | July 20, 2006 01:04 AM"


SO...

Someone who has a Mac won't have problems, but that's no different from (I'm making this stat up) 1 in 9 Windows users?

If every Mac user is a Democrat, well, then ... I guess that just confirms my suspicion that every PC user is a paranoid Republican stuck in the past; too terrified of the new reality and status quo to feel comfortable with it.

Hooray for baseless generalizations!


I can NOT be the only person to find it hilariously ironic that someone who calls the Mac immunity to this phenomenon "a typo," also typed the words, "Meedless to say."

No, I am not the spelling/grammar Nazi; but if you choose to call somebody out on something like that, you *should* live up to your own standards - if nothing else, as the very lowest form of common courtesy.

Posted by: AmiAthena | July 20, 2006 2:19 AM | Report abuse

for god sakes mac zealots and linux people.

Microsoft has had a fix for this since freaking Jan 06, people that are getting hit by this have themselves to blame more than Windows.

Posted by: your mom | July 20, 2006 2:19 AM | Report abuse

Everyone's a zealot. Mac users, BSD users.

Bleh. Windows suck -- no news there. Macs are pretty, but missing a lot of functionality that people are used to (granted, there's a lot of functionality added, that mac users can really benefit from -- but it's like coming from a linux world to a windows world: there's always that nifty piece of software (even if it's just the lowly iptables) that you will miss).

I'm really tired of mac users saying how great their product is, when it costs more than an arm and a leg. I'm also tired of BSD users being so righteous -- at least the Apple team could get BSD to be a little bit user-friendly. Whilst there are BSD projects out there to make life a little easier (how about PC-BSD -- there's something which is solid, free, and user-friendly), most people will never engage in them because they're not techies, and don't have techie family/friends.

The strength of the open-source unix variants (BSD, Linux) lies in their open-source nature. I don't like leaving my security in the hands of a black box -- where I'm at the mercy of whether or not some monolith deems it necessary to patch the flaws in their software. To anyone who thinks that macs are flawless, remember this: nothing is flawless. Everything will have holes. It's the response to those holes from the development community which makes the difference. At least with Linux and the open BSD variants, you should be patched up quickly. Good luck with a mac, in the event of a serious flaw being exploited.

So what's the answer for non-techie users? Try Ubuntu (http://www.ubuntulinux.com). You can even have cds of the OS shipped to you *for free*. The cds are live (so you can boot it and try it out), and install in a jiffy. Ubuntu can play nice alongside with whatever other OS you have -- so even you mac zealots can give it a bash. Now we're talking about freedom, solidarity, and a damn pretty desktop!

Posted by: Bleh | July 20, 2006 2:26 AM | Report abuse

Seems there is lots of spyware/adware being pushed on MySpace. There was a report (http://tech.netscape.com/story/2006/07/16/spyware-ad-on-myspace-uses-top-models-photo/) of another banner ad on MySpace for Starware, a well-known source of malware. This one used a photo of an Asian model in a bikini with Osama's face pasted on it to attract clicks. Looks like that one wasn't as dangerous since users actually had to click to get infected.

Posted by: geomark | July 20, 2006 2:27 AM | Report abuse

okay Mac is Great in a way Graphics Design and Work...

But seriously for Gamers its CRAP...
I'm a gamer a webmaster a c++ coder..
even with optimized Settings Tweaking Linux and so on using that Cedega and tweaking Wine... the game performance isn't 100%

So we all need to use Windows Cuz games developers in general use Windows...

I have no complaint about windows Except that XP sucks and you gotta make your own customized ISo to remove all the needless crap...

but if you use Windows 2003 Standard or Ent.Serv. I can play games, code, host, and it's really stable.

Yes Mac isn't bad, some games like Blizzard's ones run great but there is not enough software, games, hardware choices for Mac... Like my TV Tuner won't run on a mac and so on...

Also you people say Blame the companies... I saw some Windows users (total Newcomers on PC) get a Mac and Screw It so Badly... just because they tried to install something that wasn't in dmg and they didn't have the knowledge...

Most of the Myspaces Userbase are Total Newbs crying over the web to get Laid so... seriously stop blaming windows for some spyware and virus its the Users Mass in general that is way too stupid to use a computer!

Posted by: RageX | July 20, 2006 2:38 AM | Report abuse

We have seen SO MUCH hacking and defacement activity from Turkey recently that we have taken the measure of blocking the entire country from all of our on-line services. We get an average of 300+ defacement attempts per night, with an average of ~250 from Turkey (the rest from Estonia and other Eastern European countries).
Turkey is really becoming a moniker for all that is wrong with web security at the moment.
There is even a "Security" site in Estonia www.zone-h.org which hosts a Digital Attacks Archive. This is actually a ranking system for defacers and hackers which encourages these kids to outdo each other. Some of these guys post upwards of a thousand defacements a day on the ranking engine. How this is not criminal is beyond me, what if they were ranking Rapists?

Posted by: Anonymous | July 20, 2006 3:04 AM | Report abuse

Posted by: Enter Filth | July 20, 2006 3:40 AM | Report abuse

Hi,

I see an AD for vegas red in your screen shot, you can track the affiliate ID (just check the profile value into the link), then as vegas red software is made and databases are owned by playtech.com - you may just mail them so they might give you some valuable information on the affiliate.

If no affiliate id, this would mean that vegas red itself advertised via this trojan and this would just burn them up.

esteban

Posted by: esteban | July 20, 2006 3:40 AM | Report abuse

Hmmm... on this very page:
http://blog.washingtonpost.com/securityfix/2006/07/myspace_ad_served_adware_to_mo.html

My copy of firefox blocked a popup and flashblock blocked two separate flash ads.

I can't take this author seriously on this subject considering that.

Posted by: PopupHater | July 20, 2006 3:46 AM | Report abuse

Time someone organised a class action against Microsoft for having such vulnerable software.

Posted by: ubuntu user | July 20, 2006 3:56 AM | Report abuse

Well there is a new social networking site www.apbctr.com that is hoping to create the ads it uses for businesses in-house. Whether it works we will have to see - in the meantime though at least the site should hopefully be free from these issues that seem to come up with myspace, and other sites quite often.

Posted by: APB | July 20, 2006 4:02 AM | Report abuse

Well there is a new social networking site www.apbctr.com that is hoping to create the ads it uses for businesses in-house. Whether it works we will have to see - in the meantime though at least the site should hopefully be free from these issues that seem to come up with myspace, and other sites quite often.

Posted by: DJ | July 20, 2006 4:03 AM | Report abuse

I don't understand why lawyers haven't jumped on this and similar cases as a goldmine. All they have to do is sue the banner ad company and websense for unauthorized access, loss of productivity, etc. As agents of the advertising, they have a liability not to ensure that their advertisements do not damage the public's computers.

Even if they can't track down the third party who created this and kept track of illegal installations, surely they can sue the companies, claiming that the third parties are agents of theirs. Any lawyers or experts on agency theory care to comment?

Posted by: Seeker | July 20, 2006 4:10 AM | Report abuse

For all the people claiming that MacOS and Linux suffer less problems of this kind because Windows is more widely deployed than either of them, consider the webserver market. Think about how many (Microsoft) IIS exploits have swept the 'net in the last few years (Code Red anyone?) compared to (open source) Apache exploits - and this despite the fact that Apache dominates the webserver market in the same way that Windows dominates the OS market.

Once you've thought about all that, you might want to try thinking up a new argument that justifies the way that Windows keeps providing malicious coders with such a wide range of security flaws to exploit... because the one you're using right now doesn't seem very solid.

Posted by: Denny | July 20, 2006 5:43 AM | Report abuse


Brent said something about writing a virus for a Mac.

Already been done. Remember that nasty little exploit that allowed someone to trick the operating system into treating a file like an MP3, but really was something else? This meant you didn't even have to execute what could possibly appear to be malicious code. (Ie, a suspicious attachment in email) Just play an MP3. Proof of concept or not, patched or not, that was a really serious glaring hole in the MacOS security.

You would think after 5+ years of dealing with Outbreak Express and how easily you could trick it into making people think you were opening a different kind of file that Apple wouldn't end up making the same mistake themselves.

Don't be an idiot and pay for a clone box no better than any other. There's very very little separating a Mac from a generic PC hardware wise. (Except that nasty DRM chip that's included in every Mac computer now) - Your existing PC can run Unix, and run Unix (or even Linux) better than a Mac can.

Posted by: Jimbo | July 20, 2006 5:48 AM | Report abuse

Aren't there anti-hacking laws that apply to this?

There are anti-hacking laws in many countries. I'm sure even in Turkey or wherever may apply.

I'd think tampering with 1 million computers without permission and without good reason would be a criminal offense.

The owners of the guilty companies should be jailed and all that.

Why should bosses of companies get away easily? Especially when there's money involved - just follow the money.

After all those hackers who tamper with computers trying to get free phone service and do other silly stuff out of curiosity seem to get jailed when they are caught.

Posted by: davenull | July 20, 2006 5:48 AM | Report abuse

Why not show us the full URL for the Turkish web-site?
If every hit in that site is counted as an install (whether real or not) which triggers a payment by the bad guys.

So hammer the web-site with hits and get these guys in the wallet where it hurts.

Posted by: Mick | July 20, 2006 6:15 AM | Report abuse

BTW, the web site is not Turkish - the language is Russian and the numbers count the number of installations:

Title means = "Control panel"

From top to bottom:
Total installs, Installs per month, Installs per day, Installs per hour

The last two lines are "Installs" and "Clear" (no idea what are those two for).

Posted by: Jan | July 20, 2006 6:33 AM | Report abuse

@Jane : Last I checked Apache wasn't an OS. IIS being less secure than Apache has no bearing on OS security whatsoever (above and beyond not being able to run IIS on Linux). I can run Apache on my Windows server if I want to.

Posted by: NimbyDagda | July 20, 2006 6:35 AM | Report abuse

Don't want a virus from My-Space? Get rid of your kids. They have screwed up my pc so many times I won't get a new one till they all have moved out!

Posted by: madmack | July 20, 2006 6:37 AM | Report abuse

Mojo - "Question- is every MAC user a Democrat? Love to complain but have no answers :-)"

LOL! so you'd call Rush Limbaugh and George W. Bush Dems?
As for the claim that they have no answers - that's just stupid. All of the Mac users here have been telling you the answer. Get a Mac.

So windows security vulnerabilities are a "feature" not a problem? On the Mac you are asked if anything tries to install a program. A windows "feature" is that things can install "useful" programs for you without you being "bothered" by having to agree to the installation. Nice feature!!

I would rather have democrats "lack of answers" than the bone-headed, incompetent, money-wasting, deficit busting, oil-company-profit-making, life wasting "solutions" the GOP has come up with in the last 5 years.

Posted by: Joe D | July 20, 2006 7:29 AM | Report abuse

The US asserts extra-territorial jurisdiction over on-line betting sites. Just a few days ago federal agents arrested the UK national who is CEO of BetOnSports.com when he stopped over in the US while on a plane trip from Costa Rica to London. The US also asserts each wager placed with BetOnSports is a separate act in a pattern of illegal activities, justifying using RICO against BetOnSports. The US has moved to seize billion$$ in assets under RICO.

The US should take the same approach with the spyware people. Many of them are in Russia, and Russia wants US approval to join the WTO. The US should extract from Russia a concession allowing the US to extradite Russian nationals or residents for these crimes.

Posted by: George | July 20, 2006 7:38 AM | Report abuse

For all you MAC!! Lovers who like OS X get a clue there are a bunch of viruses already attacking it because it is now a version of BSD. All That happened is the security flaws in BSD transferred to the Mac OSX. So if you think you are still secure, think again. I have cleaned many viruses from Macs......Besides MySpace Sucks and if you use it you're just asking for trouble (Don't be an idiot). PC Users buy Spy Sweeper it will be the best 30 bucks you spend...

Posted by: jtcpa | July 20, 2006 7:58 AM | Report abuse

People can complain all they want about "it's all market share". However:

(1) It isn't entirely true. But that would require getting into ActiveX, new window creation calls, and the fact that Windows hasn't historically discouraged everyone from running as "administrator" (root to us linux/unix people). Heck, Windows 9X didn't even _have_ file security.

(2) To me it just sounds like people whining about why they don't dare to be different. I've been online at home for 20 years coming up this Thanksgiving -- since February of '95 on true TCP/IP stack internet. How many virus attacks? How many trojans? ZERO. Let that sink in. ZERO reinstalls because of my system getting mucked up with crud. '95 into '01 was IBM OS/2 Warp. Linux since (on multiple machines on a home network).

so -- whatever floats your boat. But don't expect me to respect whining because you won't try something different.

Posted by: smchris | July 20, 2006 8:01 AM | Report abuse

The reason macs don't get viruses is no-one cares about them enough to bother hacking them.

You can only buy about three games for the mac anyway, pointless.

Posted by: Rick | July 20, 2006 8:07 AM | Report abuse

There's been a full patch for this flaw for over 6 months. Every one of those 1.07 million tards who are so freakin clueless that they haven't patched Windows in that time got exactly what they deserved.

For those that asked if having Firefox would prevent this, the answer is "yes", but so would having your freakin updates and if you HAVEN'T got those, why the he** are you downloading and installing 3rd party software to address the problem??

For all the MAC/Linux users: I too could write the worst POS operating system on EARTH for my PC and claim it was the most secure thing going because with an installed base that size who's going to write a virus to target it? Of course, I'd also not be able to run SFA on it, but then again, that'd be pretty much like owning a Mac too...

Posted by: mcsa | July 20, 2006 8:21 AM | Report abuse

You shouldn't buy a mac for the hardware. You should buy a mac for the OS. Unless you're a geek in which case Linux is great.

But Linux is all about diversity, so it will never have the level of integration support and consistency available on an OSX platform.

The entry level desktop mac is the mini at $599 - less if you or a friend go to or work at a school.

OSX is NOT invulnerable. If 95% of users ran OSX there would be viruses. But it would be superior to the way Windows is, for at least several reasons:

1. Privilege separation. No one runs an OSX box as root. Many, many people run a Windows box as an Administrator - because stuff doesn't work right or is a pain if you don't. OSX's system for keeping these separate is entirely smooth.

2. Microsoft culture of insecurity, especially ActiveX. I'm not trying to claim that Apple is unimpeachable in security practice but rather that Microsoft has a very bad history of making - and then keeping - insecure decisions. ActiveX is from its inception basically a way to let any site you browse to be able to control (including updating the OS on) your computer. You can make it ask you before it enables ActiveX per site or disable ActiveX, but that's what it's SUPPOSED to do. This is the easiest example to come to mind - and it's limited to IE - but it's not alone. Maybe Vista will be better, but I'll believe it when I see it.

3. Open Source: Unlike Microsoft, Apple does not develop nearly as many security critical applications in-house. They leverage tested open source technologies and just package them for OSX.

If you turn on the OSX integrated firewall you get the BSD firewall with a unified GUI. If you turn on the webserver you get Apache. If you use Safari most of the code is shared with Konqueror.

These advantages of OSX are shared by other *nix and *nix-related OSes. In a very real way OSX has split the world into "Microsoft" and "everyone else" and "everybody else" has a head start at security and a better track record.

(I definitely believe that this implies a Linux system patched very often would be more secure because it would get the improvements somewhat faster. But running Linux AND patching all the time is not a solution for most desktop users.)

~Arete

PS And yes, I think OSX does owe a huge debt to AT&T - but to the _old_ AT&T; the new "SBC renamed AT&T" is mostly an entirely different company that bought AT&T and took the name. Don't mistake them for a company with the quality and innovation of AT&T.

Posted by: arete | July 20, 2006 8:24 AM

I find it ironic that Firefox stopped this article from displaying a popup.

Posted by: mjmt | July 20, 2006 8:54 AM

"We have seen SO MUCH hacking and defacement activity from Turkey recently that we have taken the measure of blocking the entire country from all of our on-line services. We get an average of 300+ defacement attempts per night, with an average of ~250 from Turkey"

Ever tried to contact their ISP? What kind of a moron blocks an entire country based on some script kiddies? What about legit users?

Glad real important sites don't have moron admins like that.

Posted by: Ilgaz | July 20, 2006 8:56 AM

This is in response to Jtcpa and other Mac commenters, both pro and con:

First off, Mac OS X is not new. It is not 'now' a 'version' of BSD, it uses the FreeBSD core from the University of California, Berkeley. It is not a form of Linux, as some have claimed, it is rather (according to www.freeBSD.org) a version of UNIX, which, as was previously noted, was originally created by the Bell Telephone Company.

However, Mac OS X is not ONLY FreeBSD. The GUI riding on top of the BSD base is just as important as the underlying platform, and this is where a lot of the junk can be and is stopped.

Yes, FreeBSD, just like any other OS, has its faults and security holes. But Apple acts on any security advisories almost as soon as they are announced and usually has them plugged within days either through updating the FreeBSD core OS or the GUI to block attacks usually before they can be developed. This isn't to say it can't be done, but because of the small user base for the Mac AS WELL AS the expeditious manner in which Apple normally moves to prevent them, it isn't financially feasible for an attacker to even try!

Yes, I said 'Financially Feasible.' Why? Because since the beginning of '06 more than 50% of new malware attacks have been centered around stealing money from the unprotected. No longer are the thieves content with Phishing to gain access to people's bank accounts and credit cards, they now actively attempt to worm into your machine to either directly access your account information or fool you into giving them that data by silently hijacking your browser when you attempt to legitimately access your account. Sources indicate that a hacker can now access your account WHILE YOU ARE DOING YOUR OWN BANKING from a compromised machine.

Now some people think they are protected from Spyware and Adware by just using LavaSoft or Spyware Sweeper. This is patently false. No ONE spyware solution will do the whole job, and some software that claims to be 'anti-spyware' is actually spyware itself, claiming to have found something in order to get you to buy their product, which only puts more adware into your machine.

The same can almost be said for antiviruses; unfortunately, you can't run multiple antiviruses on the same machine effectively and the best-known antiviruses are having to work extra hard now to keep the next new virus from deleting them from your drives.

In other words, because they are the most widely used, Microsoft Windows, McAfee and Symantec are probably the most prolifically attacked software in the industry. By attacking these three companies' products, a hacker/thief stands a better than 90% chance of stealing SOMEBODY's money simply because these three brands occupy roughly 95% of the corporate and home users' computers.

THIS is why the Mac is safer. Why attack 4% of the world hoping to get something from perhaps less than 1% of its users when you can attack 90% of the world with a chance to get something from over 40% of the users? Numbers don't lie. If you want to steal through the internet, drop your bomb in the biggest puddle.

Posted by: vulpine | July 20, 2006 9:03 AM

The "popularity" argument is pure unadulterated garbage that keeps getting trotted out in response to Windows versus everything else. In reality, all one needs to do to prove this line is abjectly false is look at how many high-profile sites are using IIS and Apache and look at how many Apache exploits are running about versus how many IIS ones. Aren't very many Apache ones out there, is there? People, please, quit spouting that one off- it's not about numbers- it's about thinking about security in the actual design from the get-go. Windows just doesn't do it and it shows with Spyware galore- with tricks like the WMF flaw that should have never been. Most of the security problems cropping up with Windows are of this caliber- they're due to things that should never have been done that way in the first place. Stating that they're patched now and people shouldn't be getting this stuff ignores the fact that it shouldn't have ever happened to begin with.

Posted by: Frank Earl | July 20, 2006 9:41 AM

myspace isn't to blame. if you want myspace to protect you why don't you start paying them a monthly subscription? here's a tip! don't go to myspace anymore!

Posted by: nate | July 20, 2006 9:46 AM

Just another note, I agree with Vulpine mostly. I just meant that if people would invest in a product like Spy Sweeper they would be slightly better off. I never said that is all you need. I use an entire suite of software (AdAware Se, Spyware Blaster, Xoftspy Se, Spybot Search & Destroy, Windows Defender, Ewido, and Spy Sweeper). All these apps and some others are essential to make sure that your pc is clean. No one software is a fix all. Computers must require maintenance just like your car. I also use programs like Window Washer and Ccleaner to erase unwanted internet files and cookies from my pc.

I fix pc's and mac's for a living for more than 13 years now I have seen both sides and all I can say is, "I do not fault the Mac hardware I think Apple Does that right. I do not care for their business practices. We are currently a reseller for Apple and they Sh#@ on you every chance they get. You have to pay them as a reseller just to talk to them or get brochures for your customers (lame)."
In the end if Mac's were so great why only 4% of the computer market share.....Just wondering.


Posted by: JTCPA | July 20, 2006 9:59 AM

jdcpa,

are you prepared to tell me a ford crown vic is better than a BMW 5 series? just because it is more popular does not mean it is better.

Maybe in your business it is hard to deal with Apple but what about HP, Dell, and the like who, up until a short while ago, were forced to pay Microsoft a fee for every computer they sold WHETHER OR NOT it even had windows on it! MS's operating system may be so-so but their business practices were incredibly great. If you ask anyone that knows they will tell you it is not just marketshare that protects Macs. Also not every user is as savvy as you are in protecting their computer. Laws are not written to restrict the actions of honest, kind and generous people (for the most part). Operating systems should also help protect non-tech savvy people.

Posted by: joe d | July 20, 2006 10:27 AM

Good grief. Just remove the virus and get on with life.

Posted by: v2 | July 20, 2006 10:39 AM

>>>>>>>
Every one of those 1.07 million tards who are so freakin clueless that they haven't patched Windows in that time got exactly what they deserved.
-------

So according to your rules of karma people that are clueless should have their machines "owned?" Why do you accept the underlying assumption that your computer should need to be patched constantly? Maybe you are the clueless one?

>>>>>>>>>>
For those that asked if having Firefox would prevent this, the answer is "yes", but so would having your freakin updates and if you HAVEN'T got those, why the he** are you downloading and installing 3rd party software to address the problem??
-----

Because the 3rd party software is more secure than the 1st party software? What browser do you expect people to use? Weren't you calling people clueless and deserving of this attack before and now you are saying the ones that aren't "clueless" are being stupid for downloading a more secure browser?

<<<<<<<<<<<
For all the MAC/Linux users: I too could write the worst POS operating system on EARTH for my PC and claim it was the most secure thing going because with an installed base that size who's going to write a virus to target it?
----------

First off, the worst commercial OS on earth has already been written: Windows ME. Secondly, you have convinced me that your homemade OS would be secure, because there is no way you would be able to make it run. The disparity in IIS vulnerabilities versus Apache's (apache's market share being the larger one), serves as a counter-example that illustrates that marketshare alone cannot account for the huge number of viruses that target windows software.

<<<<<<<<<
SFA on it, but then again, that'd be pretty much like owning a Mac too...

Posted by: mcsa | July 20, 2006 08:21 AM
-------
Whatever SFA is, that is a weak troll.

Everyone wants to ignore that MS's security "model" is built on a foundation of sand. There are real problems with OS X, also, but are you telling me you cannot critically think about evaluating each OS on the merits of its security foundations? Picture building a house in a swamp and building one on solid ground. Even if you cloud this issue with other factors you cannot escape the fact that one foundation is terribly inferior.

Computers are just tools. Just because you use the tool doesn't mean you have to defend it against superior tools. We all have different needs. Just don't blind yourself to the shortcomings of your tool because of some misplaced loyalty.

Posted by: darkarmani | July 20, 2006 10:45 AM

Oh, well then... 4% of the population can't be wrong - especially when they've spent so much money to be right.
PCs opened up a whole new world of music and graphic production to the average artist that was only available to the wealthy Mac owners previously. I have no problems, only joy.
I suggest some of you folks spend more of your time doing something, instead of cruising the Internet looking for a life.
Have a nice day :)

Posted by: piperllew | July 20, 2006 11:07 AM

Myth #1. "Macs aren't attacked because of their market share"

To some small extent true but not a major factor in why security in Mac OS X and current Linux systems is much higher than Windows. Windows by default does not use its NTFS security ACLs properly and allows malicious code to be installed by the user and anywhere (C:, C:\Windows, C:\Windows\System32 and C:\Program Files), which generally creates admin rights for the default user and does NOT encourage the creation of a password when creating a new user. Only C:\Documents and Settings have their ACLs set correctly. In Linux and Unix root is the only person who can install software and the regular user doesn't have permissions. In Mac OS X even the admin accounts have to be asked before a package installer will install software automatically into the computer. Remove Active X and IE and you solve over 80% of internet related issues with Windows.

Take a look at upcoming Windows Vista for all the Windows fanboys. Microsoft is FINALLY putting in User Account Protection (UAP) in Vista when Unix and BSD have been doing it for decades! Just like it took them several YEARS to put in a basic pop-up blockers when every other browser was doing it.
Sorry but Windows fans must concede that Microsoft has grown fat and sloppy over the years as being the monopoly.
Microsoft churns out great products when faced with real competition or being the underdog (most of the time).

In the late nineties many of our SGI Irix computers were hacked. These days in my department the problem with hacked or compromised machines is 99% Windows, with the occasional Linux box. Mac OS 9 and Mac OS X computers have yet to be hacked into and our Mac population is larger than Irix and Linux. Therefore the myth that Macs have a smaller market share does not hold water. That being said no OS is invulnerable to attacks hence all our Macs have Anti-virus software on them and other protections.

Myth #2 "Macs cost an arm and a leg"
If you want to buy a Packard Bell and or the cheapest Dell, be my guest. I just don't go around comparing a Dodge Neon to a Honda Civic.

I recommend Apple Macbooks, Lenovo Thinkpads and Tecra or Qosmio, because of their quality and reputation.
They have a good standing with Consumer Reports. In fact as an enterprise customer I can't buy a $499 Dell laptop from their website. Dell will simply not sell it to us because they know we expect a certain service and reliability standard. Last Friday a very large group of computer systems administrators met with our Dell representative to complain about their parts, computers, phone support and on site support. Dell's quality and service standards have fallen precipitously in recent years.

As for Apple's I have less finger pointing since they make the OS and the hardware, I don't have to hunt down device drivers and I can focus on making the computing environment better for my Mac users because I waste less time doing unnecessary work on Windows.

Remember that old adage "What you pay is what you get"

Posted by: Myth Slayer | July 20, 2006 11:09 AM

"It's probably not realistic to expect Myspace or Websense to be able to comb through each banner that runs on its site (some of these larger sites have hundreds of banners that run from third-party sites)."

This attitude is the reason we have this problem.

Is MySpace responsible for the content of their site or not? I say yes, they are. They need to be held responsible and they need to hold their advertising partners responsible. It is not only reasonable but we should demand that companies take responsibility for the content of their sites.

Posted by: Troy | July 20, 2006 11:29 AM

>>>>>
So according to your rules of karma people that are clueless should have their machines "owned?" Why do you accept the underlying assumption that your computer should need to be patched constantly? Maybe you are the clueless one?
-----
Actually, using a computer is in many ways like owning a car, as the user you have certain obligations and responsibilities about the upkeep and maintenance of it. If you buy a car from your dealership and do nothing but drive it, you'll find that it doesn't work for long. If you then drag it back to the dealer and complain, they're going to laugh at you for not filling the gas tank, changing the oil, rotating the tires, checking the brakes etc. A user who, whether by ignorance or laziness, chooses not to follow a simple, easy-to-apply process to protect themselves has by their own (in)action EARNED their just reward when they are afflicted by perfectly preventable means. Users need to take some personal responsibility and STFU when their own lack of same leads to problems.

>>>>>
Because the 3rd party software is more secure than the 1st party software? What browser do you expect people to use? Weren't you calling people clueless and deserving of this attack before and now you are saying the ones that aren't "clueless" are being stupid for downloading a more secure browser?
-----

FIRST: As regards this situation, FireFox IS NOT more secure than a Windows PC with all its security patches applied.
SECOND: FireFox is only more secure than an UNPATCHED PC b/c of a typo in its source code.
THIRD: Users who are so inept as to be unable to apply a basic thing like security patches have NO BUSINESS WHATSOEVER assessing the relative strengths of 3rd party applications, let alone downloading and installing them. Since they've already demonstrated that they can't even manage the BASIC responsibilities of PC ownership, why on earth would you encourage them to attempt assessment/installation of even MORE software that they're not going to understand, or be able to patch when necessary? (FireFox requires patching too!)

>>>>>
The disparity in IIS vulnerabilities versus Apache's (apache's market share being the larger one), serves as a counter-example that illustrates that marketshare alone cannot account for the huge number of viruses that target windows software.
-----

The IIS/Apache argument is a red-herring. To my knowledge the only major security hole in IIS was the CodeRed vulnerability, which ALSO was patched BEFORE the outbreak of the exploit. I've never bothered tracking Apache, but I'd bet there's been at least one major flaw in it since its inception. (Interesting side note: Googling "Apache vulnerability" returns 4.6 MILLION results, while "IIS vulnerability" returns only 4.1 million...)

>>>>>
Whatever SFA is, that is a weak troll.
-----
Sweet F*** All -- I don't use Linux because I don't want to NEED a compiler in order to do anything with my OS, I don't use OS/X because I LIKE being able to search hundreds of millions of software applications for ones that meet my needs and (a) Work on my computer and (b) DON'T need to be (re)compiled first.

Oh, and I like to play games other than Solitaire and WoW on occasion too.

>>>>>
Everyone wants to ignore that MS's security "model" is built on a foundation of sand. There are real problems with OS X, also, but are you telling me you cannot critically think about evaluating each OS on the merits of its security foundations? Picture building a house in a swamp and building one on solid ground. Even if you cloud this issue with other factors you cannot escape the fact that one foundation is terribly inferior.
-----
Microsoft's "model" is weak primarily in the area of the Win9x kernel. This weakness comes from trying to hybridize DOS with a 32-bit multi-tasking kernel. They did THAT because (having already developed OS/2, a very tight, secure and slick 32-bit multi-tasking OS) they were pressured by the global MS-DOS installed base to maintain full backward compatibility.

The Windows NT kernel and its successor, Windows 2000 (on which XP is based) are based off the SAME multi-threaded, multi-tasking kernel originally developed for Unix. Windows XP is vastly more secure than any version of 9x was, and many of the vulnerabilities come from the same sources as 9x's: backward compatibility.

Even now, with Vista, the whines about its significantly reduced backward compatibility (due to higher security measures) are starting up... in many respects, the problems being complained about stem directly from Microsoft working overly hard on meeting BackComp issues and not enough tough-love saying TFB to the users and focusing more on security.

Due to their extremely fringe nature, MAC/OS and Linux have not had significant pressure to maintain backward compatibility and thus have been able to issue completely rewritten OS/s over and over again. (Linux avoided the problem by merely requiring 90% of the software written for it to be (re)compiled as part of its installation...)

Posted by: mcsa | July 20, 2006 11:41 AM

Jan: La Pilla said the counter on the Turkish site does not increment just when someone merely browses the url.

Posted by: Bk | July 20, 2006 12:02 PM

Brian,

I think it is important, really your _responsibility_, with articles like this to clearly state that this is only a problem for Windows users logged into their computers as administrators.

Users logged into Windows as "normal users" are NOT vulnerable to attacks like this, and would be as "safe" as all those commenters suggesting alternative OS's and browsers.

Posted by: LUA | July 20, 2006 12:04 PM

My Crown Vic is much better (for me) than a BMW. First, and most important, I'm 6'6", 280 lbs, so I can't even fit into a BMW (they're simply not made 'man-sized'). Second, you have that whole Yuppie connotation thing to deal with if you drive a BMW.

I own both a Mac and a PC, and I just ordered a MacBook Pro from the school where I work (free is good). I've used both platforms for over a decade.

My bias is toward the Mac (I'm a writer and professor, not a gamer), but my first computer was a PC that I had to put together myself. I do keep up on patches, warnings, etc., but why should I have to? I want to write on my machine, not be forced into becoming a mechanic, tinkering with it all the time.

I once asked my students what other product they would pay so much money for that worked so poorly, needed so much attention, and crashed so often.

No one had an answer, but one student pointed out that that description also fit cars in the 1950s. Today, my Crown Vic--and your BMW--will go several hundred thousand miles without a problem. Someday computers may do the same.

Posted by: Jack Dharma | July 20, 2006 12:10 PM

The spyware put out is the same as that put out by a company called SurfProtect (aka JimmySurf) based in MA run by Brandon Guttman.

Posted by: Spyware Hater | July 20, 2006 12:26 PM

Well, I see the annoying Apple's Jehovah's Witnesses are at it again. -lol

Anyway, my system was fully patched, so I haven't had any problems on Myspace.

BTW, I have been using Intel computers since the pre-Windows days of DOS, and have never had a successful virus/worm attack against any of my computers.

Posted by: John Johnson | July 20, 2006 12:38 PM

I use a PC, a mac, and Fedora Core 4 Linux. I like my Mac for daily business (MS office products and Adobe products {dreamweaver and photoshop}) and web surfing. It looks nice and I have had no problems with it. Going back to my pc feels ancient, however, I am the net admin for a college and several programs and online testing software companies that we use require PC's. I also have a windows 2003 server running as a file server which works fine. When it came time for me to pick my webserver OS I chose linux due to its built in security. There is a never ending battle of whose OS is better when in reality they all have good and bad attributes (i.e. the spinning pinwheel on macs, the virus/spyware issues on pc's, and the lack of support, drivers, etc. with linux). I like them all and they all have a place in the computer world. As for home users pick one and stick with it. Graphic arts are just as good on a pc as on a mac if you have a good video card, lots of memory, and a nice monitor. Gaming is just as good on a mac as on a pc with the exception of availability. I love them all.

Posted by: Clay | July 20, 2006 1:38 PM

OK I GOT THE VIRUS TODAY. It's a Tibbs downloader on avg antivirus and a Vxidl!generic exploit with CA's Etrust Antivirus. I am having a hell of a time trying to get rid of it. I also received about 6 that I've found so far text documents which are titled oscar. Inside they say "Oscar was here" This is BS. I do nothing with my computer but go to college online, buy stuff, play games, and I am also my High School's Moderator on myspace.com. That is a big problem. I have to log into Myspace everyday. I won't be for a while until I make sure my computer is TOTALLY updated. In conclusion I would like to say This sucks.

Posted by: Mickey S. NY | July 20, 2006 1:52 PM

I'm sure all the Firefox and Linux groups will tout the lack of security in IE and start blasting it as well as Microsoft again. Seems to me a patch that was released over 6 months ago to fix this should have been applied to all computers. So Microsoft is again in a no win situation. If they require users to update they get scorned and then when they don't and the hole is exploited they get blamed once again.

Attention: Everyone
If you are using Windows make sure it is set to automatically update. Stop blaming Microsoft. Is it the car manufacturer's fault when you don't wear your seatbelt and then get in an accident that causes injury? No. Or better yet, when they issue a recall to fix a defective part and you ignore it only to have the part fail.

Is Microsoft perfect? Absolutely not. But this isn't even an issue if people would take a little responsibility and make sure they keep their system up to date.

Posted by: Rich Leick | July 20, 2006 2:59 PM

First of all, tolerance is a good thing. This is to the minority of comments suggesting people 'get a life' for trying to have a discussion about a problem that affects millions of people. Also for those comments along the lines of 'you should know better,' isn't that really the point? Everyone doesn't know better or there wouldn't be opportunities for these exploits.

I must say that for me (on a winxp pc) the amount of time spent 'cleaning' my computer has become prohibitive. I now only use IE for online activities involving MS apps that run better on IE. Otherwise I use Firefox.

I would like to point out the difference between maintaining a car and a computer. These days many manufacturers and producers combine their activities to deliver their products to consumers. For example, my HP pc came with software already loaded, and all reference material on the computer itself. This is very different from getting a BMW or Crown Vic with a warranty, service contract, and a user manual in the glove box, as well as free advice from almost every service station you can pull into. And yet there are still people who drive and forget to put gas and oil in their cars.

But the real issue - the state of software development. I have created an account on MySpace, albeit only to stay in touch with others who were already there, and I agree it sucks. It is not user friendly, and I wonder, do the people who develop these things ever actually use them?! The same for Windows. I have countless background processes constantly running that are supposed to let me know when I need to update. If these don't work properly how am I to know? Spend my online hours trolling websites and forums trying to protect my Pc instead of using it for what I want?

My point: it seems that software development is at a precarious point. The hardest working developers are the malware writers. Everyone else seems to be striving for 'it works' instead of 'it works well'. Just out of curiosity, how much processing power does an elegantly written media player really need? Yes Microsoft is great at running their business, I just wish they were great at creating software, and I believe they are not.

Posted by: J Bridge | July 20, 2006 3:12 PM

Dear Brian Krebs

I don't understand, in your article "On Computer Security" you wrote,

"Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF (Windows Metafile) images, and online criminal groups have been using the flaw to install ad ware, keystroke loggers and all manner of invasive software for the past seven months"

If Microsoft fixed the problem with a patch in January, how could the criminal group be using this flaw for 7 months (I'm assuming you meant July)?

The two statements contradict one another. If you could please clarify this conflicting data, that would be much appreciated.

Sincerely
Ms. Judge

Posted by: Ms. Judge | July 20, 2006 3:28 PM

Ms Judge:

The patch was initially offered in January and has been available ever since. Unfortunately though, there's a legion of people (at least 1.07 million of them) who haven't bothered to apply that patch (or, as is most likely, ANY patch) to their computers, and so they remain vulnerable to every exploit ever discovered...

Posted by: mcsa | July 20, 2006 5:24 PM

I think there is going to be an evolution in the way the next generation of users gets trained on computers.

Most people were trained to point and click. Most users are so comfortable with the current Windows system that shifting gears to something that is more reliable, secure and expandable will take a few years of several front page Washington Post articles about stolen data and the loss of home PC after home PC to corrupted OS's because of viruses, worms and trojans.

It has already started and something tells me that all the time I have spent refusing to fix my friends' Windows machines and forcing them onto some form of Linux is about to pay off. It just takes a couple of weeks of learning the basics and the next thing you know, you are trying to write your own programs to simplify your life.

Remember this is just the beginning of the technology revolution, be willing to change and adapt.

Posted by: Amanda | July 20, 2006 6:15 PM

First:
Why is the Texas-guy flaming the comments box? Go watch dateline or something.
Posted by: Drew | July 19, 2006 05:16 PM

==============
Sorry for the multiple submits. The Blog CGI Engine was buffering submits and IE7 was caching pages.

==============
Next: bk wrote:
"It's probably not realistic to expect Myspace or Websense to be able to comb through each banner that runs on its site (some of these larger sites have hundreds of banners that run from third-party sites)."

Yes, but ... The portals own the frame an ad is in. What if: There was a button on each frame which invoked W3C's link checker.

http://validator.w3.org/checklink

The potential clicker would then know if the site is (still) up. Scam sites don't last long but legit advertisers won't mind.

There are other things to consider ... robot exclusions etc. but the basic idea is that Myspace or Websense do not have to "comb" through the ads themselves if they give their users (and potential buyers of the products) the means. The link check program is free and they could install it on their own servers (and send them a heads up when there is a problem).

Posted by: GTexas | July 20, 2006 6:38 PM | Report abuse

Well, I have Windows.. and, I have "patched" the heck outta it..

a simple fix of DISABLING java and active X usually slams the door on Spyware..

However, then 2/3rds of the 'net becomes inaccessible!

a simple rule applies:

"if a site REQUIRES cookies, active x, Java, ASF, etc etc etc... then its obviously MALICIOUS - NONE of these things are needed to surf- so if a site REQUIRES them, then you should consider NOT surfing that site!"

yeah, I know this eliminates the "pretty graphics" and "interactive experience" and makes more and more of the 'net "inaccessible" as more and more of the 'net becomes "run" by Macromedia and others like it.. (Macromedia Flash/Shockwave is some of the most INVADING applets I have ever seen!) Ppl just don't realize just HOW MUCH of their comps are RAPED by "Mickey$oft", "MyHole", and ALL of the other major sites out there.. and ISPs too! I bet HALF of you- mac users or whatnot, were STUPID enough to install your cable/DSL ACCESS SOFTWARE which contains the CBLACS control trojan!

So, yes, I agree, laws need to be written.. (but how does one write laws for a medium that's not regulated) Keep THIS in mind.. The TCP/IP network was released by a world power.. and others have built onto it.. do you think there's a way to "seize control" using the very same protocol we ALL use and abuse?? IT'S A FACT! YES! there IS a "built in control/(destruct) system" in the protocol itself.. now, you "AOLers" just continue to surf and play.. being totally IGNORANT to the whole thing of how it all works.. I recommend TRYING to understand it, if just a little.. before [you Mac users] start slamming Windows users.. NOT all versions of Windows out there are "broke".. I also know of some MACs that are BROKE too.. 20 minutes to send a print doc!? WHAT THE HELL! So, unless you know what ARPA is and the like, please, be a little more CONSIDERATE!

-DjZ-

Posted by: DJ Zath | July 20, 2006 8:28 PM | Report abuse

this posting contains evil bad malware that will infect your computer if you finish reading this sentence. ha ha you're mine

Posted by: bubba hotp | July 20, 2006 8:46 PM | Report abuse

favorite firefox feature

tools, options, privacy, view saved password, show passwords

now I can see where my teenager has really been...

I love open source.

Posted by: mang | July 20, 2006 10:03 PM | Report abuse

You should never let the browser save your password - anyone using the browser can access that place afterwards.

Posted by: mang2 | July 20, 2006 11:41 PM | Report abuse

The argument that Macs receive fewer viruses due to market share doesn't hold up. Apache servers run a ridiculously higher number of web pages than IIS, but most of the attacks on web servers go after IIS.

Posted by: steve | July 21, 2006 12:49 AM | Report abuse

favorite firefox feature

tools, options, history, clear
and
tools, options, privacy, clear saved password

now I can browse without my father snooping in my PC...

I will leave some innocent ones there.

I too love open source.

Posted by: Son of Mang | July 21, 2006 6:00 AM | Report abuse

Most likely no one would want to bother with a Mac virus because the barrier to entry is quite high. Microsoft dedicates itself to keeping legacy applications running, to the detriment of security. Raymond Chen's blog is about that very subject. This is why the WMF exploit was possible even on modern MSFT OSes.

The buffer overflow exploits are not specific to MSFT; they are holes which exist through C++, and have plagued Unix systems through the years.

I guess people forget that Windows 2000 actually DID have exposed source code. People analyzing this code have found no lack of effort in keeping security holes closed, nor have they found that any of the MSFT programmers "suck" or are "intentionally" doing it for profit's sake.

How many legacy Mac applications are you able to run natively in OS X? How many were you able to run when it first came out? How many times has Apple broken compatibility so that it can be more "user friendly?" What was the procedure for running legacy applications? That's right, dual-boot to OS 9.

Not trying to attack Apple, and not really trying to defend Microsoft. I'm just saying, calm down and take a deep breath, and remember that you're not talking about a RELIGION, but a freaking COMPUTER. Who cares which system works better for you, or how many viruses you got or didn't get? That doesn't help anybody in any way whatsoever, except your own feeling of self-righteousness.

Posted by: Michael | July 21, 2006 12:51 PM | Report abuse

I wish these Mac yo-yos would get off their high horse. The discussion is about malware getting on people's computers not "Macs are better". If Macs are better, then why do you have to go around proclaiming it at every turn. It's a throwback to the old days of "My C=64 is better than your Atari" or "My Atari is better than your Intellivision".

Macs cost 3-4 times more than a PC. They also don't run the software I want to run. And they go into complete, planned obsolescence within 2-4 years. The final word is, people who develop malware go where there are the most users. And that isn't the Macs. If there were more Macs than PCs, then there would be plenty of malware for Macs. "Macs are better, duh, duh, duh..."

Posted by: JC | July 21, 2006 2:37 PM | Report abuse

Why don't you include the date of the article, right at the top, like others do?

Posted by: Larry Leisure | July 21, 2006 6:14 PM | Report abuse

I don't believe that banner ad was "hacked" per se: I did a little investigation into the site it redirects to, and according to McAfee's Site Advisor, deckoutyourdeck.com was found to be very spammy. An email address tested on it got hit with 199 spams in a week. I think some criminal spamming gang intentionally wrote the malicious code into the banner before submitting it to the ad network it appeared on. And they did it (using Flash) in a way that wouldn't be obvious from a cursory inspection of the ad's code.

I'm not saying that this is the case here, but given the connection between spamming gangs and malware writers, I wouldn't be surprised if it were.

Posted by: Jeff | July 21, 2006 7:44 PM | Report abuse

It seems that a very simple way to prevent this problem would be to simply limit advertisements to GIFs or JPEGs.
Who would actually be using a WMF file in an advertisement anyway? And the same goes for Flash-- if an advertisement is actually advertising something I'd want, then it doesn't need to be terribly flashy or have weird animations or built in "games".

Posted by: Andrew Ray | July 22, 2006 11:07 AM | Report abuse
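The allow-list suggested in the comment above, as an added example (not code from the article, the commenters, or any ad network): it accepts a creative only if its leading bytes identify it as GIF or JPEG and its extension agrees, so a WMF file carrying an image-style name is still rejected. The function names and the sample byte strings are constructed for illustration.

```python
"""Allow-list check for submitted ad creatives (illustrative example)."""

# Leading bytes ("magic numbers") of the only formats the allow-list accepts.
ALLOWED_SIGNATURES = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
}
ALLOWED_EXTENSIONS = {"gif": {"gif"}, "jpeg": {"jpg", "jpeg"}}

# WMF signatures, used only to give a clearer rejection reason.
WMF_PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # placeable header key 0x9AC6CDD7, little-endian
WMF_STANDARD_HEADERS = (b"\x01\x00\x09\x00", b"\x02\x00\x09\x00")  # type + header size


def sniff_format(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name entirely."""
    for name, signatures in ALLOWED_SIGNATURES.items():
        if data.startswith(signatures):
            return name
    if data.startswith(WMF_PLACEABLE_KEY) or data.startswith(WMF_STANDARD_HEADERS):
        return "wmf"
    return "unknown"


def check_creative(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Anything not positively GIF/JPEG is refused."""
    fmt = sniff_format(data)
    if fmt not in ALLOWED_SIGNATURES:
        return False, f"rejected: content is {fmt}, not GIF or JPEG"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS[fmt]:
        return False, f"rejected: extension '.{ext}' does not match {fmt} content"
    return True, f"accepted: {fmt}"


if __name__ == "__main__":
    # Constructed sample inputs: header bytes only, not real image files.
    samples = {
        "banner.gif": b"GIF89a" + bytes(16),
        "banner.jpg": b"\xff\xd8\xff\xe0" + bytes(16),
        "exp.wmf": b"\x01\x00\x09\x00\x00\x03" + bytes(12),
        "photo.jpg": WMF_PLACEABLE_KEY + bytes(18),  # WMF content, JPEG name
        "game.swf": b"FWS\x08" + bytes(8),           # Flash: not on the list
    }
    for name, blob in samples.items():
        print(name, "->", check_creative(name, blob)[1])
```

A signature check only identifies the container format; it does not show that the image data inside is well formed.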

I was just asked to download exp.wmf from a myspace page. I was using Firefox on Linux. First I got a popup saying that my browser was not win32 compatible (no foolin').
Anyway, this hacked ad deal seems to still be happening!
Bad news for unsuspecting IE/Windows users.

Posted by: William | July 22, 2006 11:21 AM | Report abuse

This hack also tries to launch a popup window that contains javascript that will execute the wmf file. The popup comes from: 1ajal934.e33.biz

Posted by: William | July 22, 2006 11:36 AM | Report abuse

Larry -- When you view the blog posts on the main Security Fix page, the date and time stamp ARE on the top of each post. But for some reason when you view each post individually with the comments listed below, it bumps the timestamp info to the bottom of the post (just above where the trackbacks and comments begin).

Posted by: Bk | July 22, 2006 2:26 PM | Report abuse

Ok, I believe that I was one of the 1million victims as I was on Myspace the day stated in article, and my computer just won't reconnect to myspace now. Goes to all sites except MySpace.
I have anti-virus, and done a scan, but nothing. This article doesn't really tell how to fix it if you got it ? ? Any ideas anyone ?

Posted by: Brian | July 22, 2006 9:36 PM | Report abuse

Brian,

The following forum mentions the PopupSh ActiveX Control, which was involved in this attack, in a post dated as early as June 6th:

http://www.bullguard.com/forum/12/New-Here-and-I-have-the-ULWIND_31982.html

-- Lenny

Lenny Zeltser
http://www.zeltser.com

Posted by: Lenny Zeltser | July 23, 2006 12:34 AM | Report abuse

This world would be better off without myspace. A place for stalkers.

Posted by: BK | July 23, 2006 1:34 AM | Report abuse

I'd like to note that this ad has also been appearing on Facebook.

Posted by: music | July 23, 2006 9:55 AM | Report abuse

I had this bug and it sucked!! As soon as I opened my browser the pop ups started and it was impossible to close the window without losing my internet connection. I have a popular virus software which did not detect it whatsoever. Finally I downloaded Spysweeper and although the software did not detect it at the time...technical support wrote a program to remove it and thank God it's finally gone cause it was DRAMA! By the way this was back in June

Posted by: Renee | July 24, 2006 12:37 AM | Report abuse

Figures, right as Myspace rises to #1 most popular site on the internet hackers finally get smart and start utilizing it. If Myspace wants to stay at the top and remain secure for its members it has a lot of work to do. Right now it has to be one of the most dangerous web sites out there right now with all the sketchy individuals and poor security systems.

Also, for a major site to go down for 12 hours without any major backup systems is rather juvenile. Myspace needs help if it wants to remain as popular as it is.
http://www.techknowbizzle.com/2006/07/myspace-social-network-or-social.html#com

Posted by: Nate | July 24, 2006 1:47 PM | Report abuse

Please don't get me wrong but in my opinion Turks are really network noise for internet. They are probably only nation which prefers to waste their complete time with hacking icq or msn accounts and vbulletin, postnuke forums instead of providing anything useful (if not searching for pr0n). probably they lack the money or the courage to go to a club in the evening, so they concentrate on hacking some girls to download their pics. I haven't seen anyone contributing to internet from Turks so far. (please don't try to come with examples) all I see is lame, defacements using 1 year old exploits. When you search google images for "hacked" you will mostly find Turkish sites and pictures. That's because their culture relies on showing off instead of doing useful things. Get a life!

Posted by: Andrew | July 24, 2006 7:49 PM | Report abuse

Hemanshu Nigam, Myspace.com's chief security officer, issued the following statement in response to these attacks:

"... we strongly urge all Internet users to follow basic Internet security practices such as running the latest version of the Windows operating system, installing the latest Windows security patches, and running the latest anti-spyware and anti-adware software. If users have applied the simple patch available from Microsoft.com, they will not be vulnerable to this criminal act."

Or just buy a Mac to replace the infected garbage PCs.

Posted by: rasterbator | July 31, 2006 2:17 PM | Report abuse

mac users will rue the day they tempted hackers by flaunting how perfect they are.
if i was a hacker--i'd write one myself just to shut the bastards up myself--high and mighty. And i'm a pc user and democrat to the earlier comment--not that there's anything wrong with that.
:)

Posted by: les | August 3, 2006 3:02 PM | Report abuse

interesting article.

i believe that educating yourself and your friends and families in the sparing and judicious use of the internet, and systems management best practices (auto-update), is key to preventing mass outbreaks.

even so, we learn by our mistakes, and one trojan or worm is more than enough to awaken *most* users sharply to securing their internet activities.

furthermore, Macintosh users would be wise, i feel, not to brag too much about security, as pride so often comes before a FALL.

luv.the.vermicious.knid.cotswolds.u.k.

Posted by: the vermicious knid | August 8, 2006 10:16 AM | Report abuse

I currently use Win XP Pro, Mac OS 9.2.2, and Ubuntu Linux on three different machines. They each have their pros and cons. But listen up - in the 10 years I have used computers extensively, and I have NEVER, repeat NEVER, been infected with a virus, trojan, or worm. The plan is simple: just patch regularly, update your dat files, use a solid hardware firewall, don't download and run that exe you got with BitTorrent because you don't want to pay for Word 2003, and quit surfing PORN!

Sheesh.

Posted by: nuus | August 17, 2006 2:00 AM | Report abuse

I noticed my system running badly after I surfed MySpace, I downloaded Spybot and found the problem, I had a possible trojan. I agree with the comment that the computer companies should have tested all their programs thoroughly before putting it out there for people to buy. Problem prevention.

Posted by: mysticalblueeyes | August 19, 2006 12:46 AM | Report abuse

Nigeria is the worse country online. Nigeria is a nation of scumbag con artists.

Posted by: Brad | August 23, 2006 11:13 PM | Report abuse

I recently purchased a new XP and I had a pop-up warning that someone was trying to get my credit card information and then a short time after that I got a pop-up saying my computer was infected. I had to pay technicians to remove the pop-up. Then a few days later I had to do total restore with my recovery discs. Now my new XP works like a new one. I just bought it in JUNE 2006.

Posted by: jamesmiller@accessky.net | August 31, 2006 11:37 PM | Report abuse

Two of my computers were just hit with the Trojan.Ducky.B virus while visiting MySpace. They need to do better work at protecting their users. According to Windows Update, I have all the latest patches I need - is Microsoft not automatically making this patch a "must have?"

Posted by: Mitch Allen | September 2, 2006 8:01 AM | Report abuse

Go ahead and bash me, but Mac is the way, it's not a matter of being high and mighty. It's a matter of productivity, Macs save lots and lots of time. And for audio and graphic applications are superior in all aspects. Go ahead and rag on the 4% of the marketshare, but realize within that 4% comes almost 90% of all your movies and music of modern day. So where would the world be without its precious entertainment? I am an audio engineer and have used both Mac and PC, I have been studying up on computers since 1988, and from my experience I vote Mac hands down. And if OSX is so incompatible why is Intel leaning towards it now? And all that is is old Apple technology duo core crap. They got some nifty tricks up their sleeves very soon just wait and see. And for the guy who swore to Macs going obsolete within 2-3 years hahaha.... I just recently bought a G4 that is going on 6 years old for quite cheap, it started off as a single 450mhz CPU.... I then upgraded it to a DUAL 2GHZ!!! It now runs WAY better than the PC I bought just last year, and is now my primary machine. Here is my suggestion... if all you want is to go spyware and virus free at a cheap price, get you an old G3 iMac off of eBay, and keep your PC off of the net. And don't forget this is one of the many Windows problems, I remember my PAID version of XP flipped out after their dreaded service pack2 and told me I was a pirate after I bought the stupid crap, then kept hounding me about activation until I said screw it. Not to mention a lot of my programs quit working after SP2, programs I paid for forcing me to backup format re-install only for it to happen again. so how is that worth it? ridiculous and pointless and one of many problems. Might also wanna look into Windows vista(longhorn) and realize they have knocked off almost 100 OSX ideas. Mac's Exposé is worth the switch alone and Vista has blatantly ripped it off.
That's great for them, but I also read from several sources that there are new viruses just waiting for Vista's release ready to attack it and it's not even out haha. Has it ever struck you people that viruses and spyware makes Microsoft richer in the long run???

Posted by: James Hall | September 13, 2006 7:05 AM | Report abuse

You know-

Fact is, whether you patch or not is not the PRIMARY issue-

don't let the scammers get you all confused into blaming Windows or anyone else because the COPS aren't putting the scammers in jail lol. While you're busy chasing your tail on *that* piece of logic, another ten-thou people get hit with the scammers' scam.


I patch every morning when I logon, yes, *every single morning*-

I work with computers-

I have multiple computers running the latest *daily* Windows XP either Home or Pro-lots of security features too-

And it doesn't MATTER if it's patched or not-

Even if you're patched-
you ACTUALLY WANT that file sitting on your PC?????

If you're going to spend your energies today--or any day for that matter--on anger directed at those who attack your daily life and fun, at least aim that anger at the CORRECT PARTY I say. If you don't, you're spinning your wheels and the scammer won't be stopped-plain and simple. And while you're spinning, the scammer is watching you and just cackling away at you under his breath.

*shesh*

Posted by: My Antivirus Caught It | September 26, 2006 12:57 PM | Report abuse

--------------
VIRUS vs. PC
--------------

Virus1: Hey look at that little wimpy PC over there. Lets get him. hahaha haha yea.

PC: Leave me alone. Quit! Stop!

Virus2: wimpy PC. (smack) (crack) take that chump.

-------------
VIRUS vs. MAC
-------------

Virus1: Hey look at that MAC over there lets get him.

Virus2: are you crazy dude? MAC will knock us the hell out!!!

LOL

Posted by: tommy | September 28, 2006 7:27 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company