Forgot your password?
typodupeerror

Banner Ad on Myspace Serves Adware to 1 Million 390

Posted by samzenpus
from the have-some-pop-ups dept.
An anonymous reader writes "Washingtonpost.com's Security Fix blog reports that a banner ad running on MySpace.com and other Web sites used a Windows security flaw to push adware and spyware out to more than one million computer users this week. The attack leveraged the Windows Metafile (WMF) exploit to install programs in the PurityScan/ClickSpring family of adware, which bombards the user with pop-up ads and tracks their Web usage."
This discussion has been archived. No new comments can be posted.

Banner Ad on Myspace Serves Adware to 1 Million

Comments Filter:
  • Excellent. (Score:5, Funny)

    by Anonymous Coward on Thursday July 20, 2006 @12:55AM (#15747957)
    Darwinism works!
  • by Facekhan (445017) on Thursday July 20, 2006 @12:56AM (#15747961)
    And they wonder why consumers want to block all ads. Its because of illegal virus ads like this. If they prosecuted spyware companies the way they do with other virus creators we would not have as much of a problem with people setting up shop as if this is a legitimate business and then hijacking people's computers for profit and waiting for enough complaints to pile up that maybe the state attempts an enforcement action which at worst closes the company and more likely a few small fines and promises to behave in the future. Either way the owners of these companies never serve a day in prison for releasing their viruses.
    • And they wonder why consumers want to block all ads. Its because of illegal virus ads like this.

      Not at all. I imagine that most of us around here who install AdBlock and FlashBlock do so because of the bandwidth and processor power that ad-laden pages take. People on non-Windows platforms hardly have to fear WMF exploits.

      • People on non-Windows platforms are generally not the targets of ads, as indicated by XP-styled "message box" banners.
      • I have ad + flashblock installed because adverts look like shit.
      • by john_prog (798488) on Thursday July 20, 2006 @01:45AM (#15748090)
        Ads can be a growing security risk in the future. I'd like to ban all ads at work, but I can't do that since IE6 is the only allowed browser here and no extra software is allowed to be installed. Once I surfed to Dilbert website for comics that I thought would be safe, but Errorsafe malware tried to install itself to my machine (by ActiveX component in an ad). See http://koti.mbnet.fi/jnyman/dilbert.html [mbnet.fi] screen capture here (the dialogue text is in Finnish, but the bottom line asks "Do you want to install Errorsafe program to your computer to check your computer for free (recommended)?". I complained about this to Dilbert website's webmaster and to Scott Adams and they replied that they're looking at the problem, but after that nothing. Haven't visited Dilbert website since at work. Hope this is not a growing trend.
        • by SCPRedMage (838040) on Thursday July 20, 2006 @02:54AM (#15748221)
          In your case, the problem wasn't with the Dilbert website, and in the parent article, it wasn't a problem with myspace, either.

          The problem is with the ad-serving companies that these websites use. Either they're less-than-trustworthy, and are directly responsible for the exploits being used, or they sub-contract out, and don't care enough to keep an eye on their "partners". Usually, notifying the webmaster of the offending site is enough to get them to have a "talk" with their advertisers to resolve the situation.

          Of course, you probably already know this, but it bears repeating as it's something that can be missed by people not familar with the subject.

          Please, won't someone think of the n00bs?
          • Excuses, excuses (Score:3, Insightful)

            by metamatic (202216)

            The problem is with the ad-serving companies that these websites use. Either they're less-than-trustworthy, and are directly responsible for the exploits being used, or they sub-contract out, and don't care enough to keep an eye on their "partners".

            Funny, that's the same kind of excuse spammers use. "Oh, I'm not a spammer... I purchased this list of e-mail addresses in good faith, how was I to know they weren't all 100% verified opt in like the seller said?"

            It's also the same excuse The Pirate Bay use.

          • "In your case, the problem wasn't with the Dilbert website, and in the parent article, it wasn't a problem with myspace, either.

            The problem is with the ad-serving companies that these websites use."

            The Dilbert website serves ads from these companies, therefore the problem's resolution is ultimately the responsibility of the Dilbert website.

            I don't blame the ad-servers just as I don't blame wild animals for mauling tourists. It's in their nature ;)
        • by Anonymous Coward on Thursday July 20, 2006 @03:00AM (#15748240)
          I had dilbert.com as my home-page for years, but recently gave up on it in disgust. 9 times out of 10 Firefox would block anything upto 3 popups, and then they started to carry an extremly obnoxious popup that even Firefox couldn't block. I figure anyone being that anti-social doesn't want me around, so I left. If I were Scott Adams I'd be outraged by United Medias total dimwitedness, but I guess his Clue departed many years ago.
      • by Tim C (15259) on Thursday July 20, 2006 @03:24AM (#15748294)
        I imagine that most of us around here who install AdBlock and FlashBlock do so because of the bandwidth and processor power that ad-laden pages take.

        Speaking personally, I generally block ads that are misleading, flashy and/or distracting. I've lost count of the number of times an otherwise perfectly good webpage has been ruined (aesthetically) by an in your face ad.

        Anything that attempts to look like a system dialogue, or to convince me that my PC is running slowly and needs to be fixed, etc, gets the entire advertiser's domain and sub-domains blocked. I hate that shit.
      • by Bogtha (906264) on Thursday July 20, 2006 @05:33AM (#15748568)

        I have to disagree with both of you. People block ads not because of risk, not because they take up too much bandwidth and processor power, but because they take up too much attention. People want to pay attention to the real content, not wade through fake distracting crap that wants to sell them something.

    • by SuperBanana (662181) on Thursday July 20, 2006 @01:26AM (#15748042)
      Prosecute virus creating companies.

      How about Myspace as well? It is easily argued that Myspace controls the banner space and content added to the 'global' site (ie every page). This is akin to aiding and abetting.

      The sad thing is that a million PCs were infected, and probably 500,000 of them will -stay- infected. And will this even remotely hurt Myspace's market share/traffic? I seriously doubt it.

      • by nwbvt (768631) on Thursday July 20, 2006 @01:57AM (#15748117)
        "How about Myspace as well? It is easily argued that Myspace controls the banner space and content added to the 'global' site (ie every page). This is akin to aiding and abetting. "

        Only if Myspace knew what was going on (which they almost certainly did not). Or do you think any business transaction with criminals is 'akin to aiding and abetting'? In which case, shouldn't you also prosecute

        • banks, if one or more of their clients deposit money they got illegally?
        • hotels, in whose rooms illegal transactions (prostitution, drug dealing, whatever) take place?
        • computer manufacturers, whose customers use their computers to steal identities?
        • camera manufacturers, whose products may be used to stalk people and invade their privacy?
        • etc.
        Ask yourself this, do you really want to go down that road? Do you really want companies to run extended background checks on you before they sell you anything to make sure you may not use it in some obscure way to harm others? Is such a police state really what you want? Or do you just not like Myspace (either because it is used by the same teenage girls who wouldn't date you in high school, or because it is owned by NewsCorp)?
        • Prosecute MySpace (Score:4, Insightful)

          by Yez70 (924200) on Thursday July 20, 2006 @02:41AM (#15748195)
          Do you really want companies to run extended background checks on you before they sell you anything to make sure you may not use it in some obscure way to harm others?
           

          You mean like the government wants our ISPs to track and monitor our web usage and keep copies of all our IM's, searches and emails? Or how about our libraries revealing what books we check out? Maybe AT&T could provide a log of all your phone calls. How about the banks reveal all your financial transactions?

          Oops, I forgot - the Patriot Act, among other obscure laws, already allow this.

          Innocent until proven guilty no longer applies in the land of the free - why should it apply to corporate America any different? Oh yea, I forgot, they own the politicians.

          Why can't Microsoft patch the holes in it's software? Why can't MySpace screen it's advertisers? They aren't showing porn site ads, because they 'screened' the ads, correct? So, how come they are serving adware?

          If it's ok for the government to be constantly running background checks (illegally I might add) on it's own citizens in a 'FREE' country, then MySpace should also be responsible for spreading viruses and spyware. Of course, they won't ever have to answer for it. News Corp may as well be owned by the GOP...

          • by nwbvt (768631)
            "You mean like the government wants our ISPs to track and monitor our web usage and keep copies of all our IM's, searches and emails? Or how about our libraries revealing what books we check out? Maybe AT&T could provide a log of all your phone calls. How about the banks reveal all your financial transactions?"

            No, not really...

            I'm scared to ask, but how does your conspiracy theory reason why the government would want ISPs to monitor all that information, when the government itself really wouldn't ha

          • Re:Prosecute MySpace (Score:3, Informative)

            by RatBastard (949)
            Or how about our libraries revealing what books we check out?

            Actually, most libraries go out of their way to destroy your checkout history. One common library checkout systems only keeps track of the person who has that particular copy at that moment. The only way to look up the book is by its inventory number. Searching by patron name returns no result. Once the book is checked in the record is modified saying that the library has it. The result is that there is no history of who had what books or w

        • by SuperBanana (662181) on Thursday July 20, 2006 @02:59AM (#15748235)

          Only if Myspace knew what was going on (which they almost certainly did not).

          I'll make this very simple for you: Is myspace responsible for the content they put on their site, or not?

          When you are a website the size of myspace, failing to vett your advertising borders on gross negligence and incompetence.

          Furthermore, if you study how 'responsibility' plays out in the business world, particularly with lawsuits- the first party on the food chain is responsible. If that company wants to take action against its employees, suppliers, etc- so be it. But the buck, figuratively, stops at "round one".

        • by arkhan_jg (618674) on Thursday July 20, 2006 @03:02AM (#15748246)
          I agree with your examples, but not with your linking of them with the original problem. A bank or computer maker or hotel's CUSTOMERS are committing the illegal act. You're right, the business should not be held liable for what their clients do, i.e. myspace shouldn't be held liable for what their users hosting pages put on them.

          This is different. This is the business putting up an advertising hoarding that is dangerous to visitors. The business already vets its adverts (so no porn), so it has the duty and capability to vet its adboards for viruses, just as if it was hosting auto-install viruses on the front page in their own webspace.

          Just because it subcontracts the advertising out to a third party doesn't get myspace off the hook, any more than a bank with a beartrap inside the front door wouldn't be liable because their builders put it there.

          • You're right, the business should not be held liable for what their clients do

            So why do you then say MySpace should be held responsible?

            Look.. the visitors are not MySpace's clients.. the visitors are the product (and if they aren't the product, then at best they are leaches.. they would never be considered a client, since they don't give MySpace a dime).

            MySpaces clients are those who give it money.. ie: the advertisers.
    • Really?? (Score:3, Interesting)

      by Gorimek (61128)
      And they wonder why consumers want to block all ads. Its because of illegal virus ads like this

      I thought I followed the field fairly well, but I have never heard of any previous virus ads like this.
      • Re:Really?? (Score:4, Interesting)

        by babbling (952366) on Thursday July 20, 2006 @02:18AM (#15748159)
        It happens all the time. It happened on LiveJournal only a month or two ago.
      • Re:Really?? (Score:3, Insightful)

        by Vo0k (760020)
        Not on "reputable sites". The problem is you don't have to try hard to get to the "less reputable sites". All you need is to type "com" instead of "org" or "net", make a typo or misspell the domain name, click a result that on first sight looks genuine in Google Search, visit a site from your bookmark which is two years old, enter any phpbb-based forum or any site running on older, unpatched IIS. Minor sites get hijacked all the time.
    • by bcmm (768152) on Thursday July 20, 2006 @05:34AM (#15748572)
      The creation of this basically malicious content was wrong and should be punished by the Law, but please don't join the media and the less educated parts of our governments in refering to all computer security exploits as "viruses".

      This attack is not a virus because it cannot spread to new hosts from infected machines. It is, more accuratly, a trojan, in that it is "executed" under the false pretence of being non-malicious code (I put "executed" in inverted commas because there is the additional issue of how it ended up actually executing native code on the infected machines).

      Also, the people who recieve harsh sentances are normally writers of worms, rather than viruses. This is because the extremely rapid way in which some worms infect new machines can cause serious overload of the networks over which they spread, which tends to cause more $s of damage than the damage to the actual machines. Although these ads are wrong, they have not had that sort of global impact on networks.

      So, while I agree that these people should be prosecuted and severely punished, I believe that it is misguided to say that they should be prosecuted under the same laws as virus and worm authors, as this would just muddy the water and add to the current situation where all computer users have to be worried about which laws they might be breaking.
  • by Neoncow (802085) on Thursday July 20, 2006 @12:59AM (#15747967) Journal
    This way we don't even have to read the article if we want to! We can just comment about the comments of the article. =D
  • Makes me question myspace, you'd think they have people watching for these sorts of attacks. And who's to say this isn't the first time it's happened?
    • by hendridm (302246) on Thursday July 20, 2006 @01:11AM (#15748001) Homepage
      Makes me question myspace, you'd think they have people watching for these sorts of attacks.

      Hah, that's like finding a loaded diaper in a garbage dump and then complaining about the level of sanitation.

    • Re:First time? (Score:5, Insightful)

      by tinkertim (918832) * on Thursday July 20, 2006 @01:41AM (#15748080) Homepage
      >> Makes me question myspace, you'd think they have people watching for these sorts of attacks.

      Yes, and you're 100% right. Since they are syndicating it, showing 'due diligence' in making sure they aren't syndicating harmful code is their responsibility.

      The question comes down to , reasonably, what is a good percentage to equate with 'due diligence' in checking what they syndicate. They have a few million pages, videos and photos to police, as well as watching what their advertisers are using their network to display.

      So even if they go way above and beyond the 80% catch rate of abuse prior to it leaving their network, stuff like this is still going to happen. I'd imagine they only catch about 70% of illegal use involving their network, and considering its size and attractiveness to bad-doers, that's not bad.

      Of course its an age old argument, who is most at fault. The person who shot the gun or the company that provided it?

      I am also noting a rather old vulnerability was exploited, and people not updating their systems need to share some of the blame.

      So I guess in essence .. 'shit happens.'
      • Re:First time? (Score:3, Insightful)

        by Vo0k (760020)
        The problem is that was not a user-provided content, one of millions of user pages, but advertizer content, something you directly get paid for, and certainly it appears in numbers much smaller than the user pages.

        'Due dilligence' in schools, for example, may not be assuring no single kid ever smokes crack, but it certainly is making sure the school bus driver doesn't.
      • Of course its an age old argument, who is most at fault. The person who shot the gun or the company that provided it?

        More like the age old argument, is it illegal or not. Sadly the facts are that this event is not a criminal event, the police won't be getting involved, and no one really cares. Not the infected users, not myspace, and not the advertisers. This is just more roadkill on the information superhighway. Nothing to see here, please move along.

  • There is a new variant of the WMF exploit that affects all Mac users running OS X. When a Mac user browses a web page that is displaying a banner ad with the WMF exploit, malicious code is run that silently installs Windows Vista on to the Mac users computer thereby completely replacing OS X with Vista.
    • Sources indicate that OSX users only noticed because their computer started to "crash a lot". "I didn't even notice the change to be quite honest," an anonymous user explained. "Only that the buttons moved to the other side of the window."
  • by ben there... (946946) on Thursday July 20, 2006 @01:02AM (#15747976) Journal
    Tom (the site's...er, spokesperson) left this message in everyone's Inbox on the 17th:

    Latest Update: 05:15PM PST, Monday, July 17th.
    hey folks - we are moving myspace music players and video players to flash 9.0. flash 9 has security fixes so that people can't mess with you on myspace. if your 'about me' got screwed up this weekend, you could have been safe if you had flash 9 installed. here's an easy way to install it, go watch this dashboard video i posted last week. if you don't like dashboard, just watch any video in our video section, and you'll be prompted to install flash 9.

    His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.
    • by ozbird (127571) on Thursday July 20, 2006 @01:29AM (#15748050)

      His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.

      So if you're not a Windows or Mac OS X (PowerPC) user, you're SOL [adobe.com].
      • His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9. So if you're not a Windows or Mac OS X (PowerPC) user, you're SOL.
        To the contrary.
        If your kids use Windows or you're intelligence-challenged yourself, you're screwed. The rest of us are safe.
        • I make my kids use firefox when they go to myspace; I also only let them access it on a system that is firewalled from the rest of the network, which they have to keep running.
          I figure it's good training for when they have to go off to college away from their MCSE/Linux Geek/Ex-BBS sysop dad.
      • So if you're not a Windows or Mac OS X (PowerPC) user, you're SOL.

        You mean to tell us that a site that is pratically a shrine to petty teenage popularity contests, cliquishness, and ad-whoring for the biggest businesses in the world only supports the two OSes used by more than 2% of the market!?

        Holy crap! What is the world coming to?
    • His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.

      Unfortunately, it won't fix the crappy member pages that crash your browser.
    • Its because it is a bug in flash's understanding of DOM security. Not myspace's, so hence your attempt at insinuating that they don't know what they're doing is incorrect.

      Sorry try again after you RTFM RE: security issues.
    • His solution to the hack that destroys a section of your profile is not that he will fix the site, but that you should install Flash 9.

      You gotta love laziness! You know the weird thing is that is most likely the best thing that he could have done to "fix" his problem. I'm on several security mailing lists and get notices of all the holes in nearly everything. Do you want to know the real dirty secret? That process is worthless to me unless they happen to be announcing a patch to the product that fixes the
  • by betterthanducttape (763202) <betterthanducttape@sbcglobal.net> on Thursday July 20, 2006 @01:02AM (#15747977) Homepage
    Heh, I posted about this having been on Facebook earlier today in the Slashback article. I'm rather amazed that these things could have been active for days without getting caught and pulled by the websites. I'd ban the advertising company from my site after a stunt like this, no matter how much money they bring in. They just exposed hundreds of thousands of high school and college students to a virus for a quick buck.
  • by davidwr (791652) on Thursday July 20, 2006 @01:14AM (#15748013) Homepage Journal
    "It's called My Space not Your space for a reason."
        -MySpace Vice President In Charge Of Revenue Generation
  • Just update (Score:5, Funny)

    by bigtimepie (947401) on Thursday July 20, 2006 @01:15AM (#15748014)
    From the article:
    Microsoft released a patch in January to fix a serious security flaw in the way Windows renders WMF
    What is clear from this attack is that there are plenty of people who still haven't installed this security update from Microsoft.
    If your OS puts out a security fix, it's probably for a reason. This could have been avoided for everyone just by keeping up-to-date.
    • If your OS puts out a security fix, it's probably for a reason. This could have been avoided for everyone just by keeping up-to-date.

      "Sorry all your stuff was stolen, but it's your fault for not installing a better lock."

      Maybe security updates wouldn't be so critical if the people that took advantage of them (and those that aided them, like Myspace) got bitch-slapped.

    • Re:Just update (Score:5, Interesting)

      by 0racle (667029) on Thursday July 20, 2006 @01:40AM (#15748075)
      Lots of exploits that have been released have been fixed before the exploit made the rounds. Its just that the type of moron MySpace caters to are also the type of moron that won't ever learn how to do things right.

      MySpace knows its users are idiots, and that they aren't going anywhere until their 15 minutes of fame are up. What do they care that ads they carry also target those same idiots.
      • Re:Just update (Score:3, Insightful)

        by cliffski (65094)
        not everyone who is not tech savvy is an idiot. Don't fall into the trap of assuming stupidity because someone has a differing skillset. Im sure most car mechanics think I'm an idiot because I have sod all idea how my car works, or for that matter, how to keep the engine in top condition. Like most drivers, if it starts , stops and gets me to work, I'm fine.
    • Re:Just update (Score:4, Insightful)

      by Zindagi (875849) on Thursday July 20, 2006 @01:53AM (#15748113)
      There might be other reasons why your computer is not up to date. For instance, now that Microsoft insists I install WGA before I can get the updates -- I havent been getting the updates. So Lord knows what all critical fixes my computer is missing. Not that that excuses anybody for using IE :)
    • by hyfe (641811)
      If your OS puts out a security fix, it's probably for a reason. This could have been avoided for everyone just by keeping up-to-date.
      I'm a bit unsure if this is irony or not

      If it's not. I just want to mention 'Windows Genuine Advantage', the oh-so-very critical security fix. Sure, it's there for a reason, but that reason ain't your computers well-being!

  • Tips (Score:4, Informative)

    by Anonymous Coward on Thursday July 20, 2006 @01:19AM (#15748026)
    1. Use Mozilla Firefox.
    2. Uninstall Flash, you don't need that proprietary junk, 99% of all flash animations are ads/banners anyways.
    3. Maybe you want to "block loading of images from third-party sites".
    4. Use the Adblock extension for Firefox, you can get it at http://adblock.mozdev.org/ [mozdev.org] and get some rules for it.
    5. Use a more secure operating system.

    I hate Myspace, it is a website that caters to retards, it is so dumb.
    • Re:Tips (Score:2, Interesting)

      by tacarat (696339)
      Actually, I'm wishing they'd update the flash player for Linux. Newgrounds has increasing amounts of games I can't play because of the old version. I'll be very sad if I miss a new RAB because of it...

      Other than that, I agree with everything you put up.
    • Re:Tips (Score:3, Informative)

      1. Use Mozilla Firefox.
      2. Uninstall Flash, you don't need that proprietary junk, 99% of all flash animations are ads/banners anyways.
      3. Maybe you want to "block loading of images from third-party sites".
      4. Use the Adblock extension for Firefox, you can get it at http://adblock.mozdev.org/ [mozdev.org] and get some rules for it.
      5. Use a more secure operating system

      Another great way to block most (99% ??) ad sites is to go here [mvps.org] and download this [mvps.org]. It's a hosts file that directs your PC to essentially IGNORE ALL kno

    • Re:Tips (Score:2, Interesting)

      "2. Uninstall Flash, you don't need that proprietary junk, 99% of all flash animations are ads/banners anyways." But what about the 1% that's entertaining or useful? I'm a huge webtoon fan, so if I uninstalled Flash, I'd be losing the use of some of my favorite websites. And I know I'm playing devil's advocate here, but most banner ads don't serve adware, spyware, or viruses. If they did, this wouldn't be news.
      • I ended up keeping Flash uninstalled in Firefox, my standard browser, and installing Flash into Internet Explorer for when I'm sure I want to watch something. Having to boot up IE whenever I want to watch watch/use something Flash-based is not totally convenient, but it does have the advantage that you miss a reasonable number of ads.
      • In the rare case when you have found some useable flash site, you can install FlashBlock [mozilla.org].

        I'm personally too annoyed by the large flash marks it leaves to use it, but if you need flash, FlashBlock at least will let you survive.
  • This is absolutely hilarious. I wonder if more people got AIDS or this from Myspace? Posted by: bvllets | July 19, 2006 05:20 PM
    My jaw is open in disbelief.
  • by inject_hotmail.com (843637) on Thursday July 20, 2006 @01:29AM (#15748051)
    expect to pick up something special for the ride home.

    I'm not trolling, but I can't stand myspace-type blogs.

    People need to understand that the net costs money. If you didn't pull out your credit card to pay for the resources you consumed, you'll be pulling in something into your PC...and when the intelligence quotient is double-digit...

    I've visited myspace exactly once. By accident. I'd consider it to be a sesspool of the Internet if I saw more than one profile. My sister, too, has been affected by the WMF exploit in a myspace profile. Let me just say that telephone support for Win98 on an ancient laptop is less fun than most things, including elevator rides with those people that feel that the body cleanses itself.

    My perspective -- if one goes to myspace, one deserves its effects.
  • At least that way, you're less likely to get infected. As safe as I can be, I simply don't trust banner advertisements, and adware/malware is one reason.
  • DNS Ad-blocking (Score:5, Informative)

    by computergeek1200 (909965) on Thursday July 20, 2006 @01:39AM (#15748072) Homepage

    My solution to solve this problem is to block the domains of the servers that host these ads such as (pagead2.googlesyndication.com) by using a dns server. This is better than firefox ad-blocking or most other systems. This system prevents any connection to the advertising server. I have a dns server for ad-blocking that is publicly avaiable at 68.147.32.114.

    Click here to see if you configured your dns properly.
    • Re:DNS Ad-blocking (Score:5, Informative)

      by Anonymous Coward on Thursday July 20, 2006 @02:07AM (#15748130)
      Using a public DNS server requires a fair amount of trust. I'd rather have just a list of hosts to block, which are widely available and much less of a security risk.
      • I agree that public dns servers can be a security risk. Is is possible to get a blocklist and add it to the dns server automatically. (instead of manually creating new zones and host records)
  • I'm not sure what a better argument in favor of encouraging ISPs to set up web proxies for customers running adzapper [sf.net] than this (unless we're talking dialup, in which *not* downloading ads really saves on time).
  • by Rapier (25378) on Thursday July 20, 2006 @01:57AM (#15748118) Homepage
    The shocking part is that there are still people using Windows. I've got a laptop sitting around here with Windows on it that I use as a novelty once in a while, but it's not like it can really do anything useful. The package management system is horribly antiquainted, the dependancy checking leaves a lot to be desired, and then there are the security holes in the stock applications that come with the OS. Maybe some day it will mature enough to be useful, but for now it's just a novelty that still isn't up to being used in a production environment.
    • The shocking part is that there are still people using Windows

      Why is this shocking? Windows has the highest market share and comes pre-installed on way more than the majority of pre-built computers. It is what people are used to using since it is the OS that most people started out on, so the majority of people are more comfortable using Windows since they don't have to learn something new. A lot of people also just don't know any better. They don't realize or care that there are other OS's available, a
  • by atarione (601740) on Thursday July 20, 2006 @02:33AM (#15748178)
    wow... ok so not to interupt and windows hate fest.

    but the WMF exploit has been patched since jan of this year

    anyone that got hit by this only has themselve to blame.
  • by fragMasterFlash (989911) on Thursday July 20, 2006 @02:37AM (#15748185)
    Anyone know if Windows Defender will catch the spyware component of this exploit? I suppose its a moot point since people who run IE unpatched aren't going to run Defender anyway.
  • by Fr3d (787062)
    Before we go on with all the Myspace and Windows bashing it's important to note who is at fault here.

    Myspace isn't at fault and neither is Microsoft

    Sure they make shitty products for the below average user, but that isn't the problem. Myspace administrator's don't choose exactly which ads are dissplayed on their pages, they sell their ad space to an ad company with a few constraints on what types of ads are allowed to appear. The company who provides the ads then chooses specifically which ads it wishes
  • by Absentminded-Artist (560582) on Thursday July 20, 2006 @04:37AM (#15748449) Homepage
    ...quickly upgrade all flash ads and video to Flash9 this morning. I was just prompted to upgrade to Flash9 (I don't really keep on top of Flash updates) an hour or so ago.

    Although I'd like to see MySpace increase its response time, a week response time is fairly fast for corporations. Apple took two weeks to patch the vulnerabilities discovered last February and they were applauded for having a fast response. The shame is that Microsoft's glacier-like response to security vulnerabilities makes two weeks look speedy, and one week look positively instantaneous.

    I realize that it will be popular to bash MySpace around here over this but the real culprits are, in order from least to greatest responsibility, the users who hadn't patched their OS with the latest updates, Microsoft for pushing such crappy code in the first place, and greatest of all, the ad agency that didn't catch this little beauty. They should lose their contract at the least over this, IMO. I use a Mac, Safari, and an adblocker style sheet, but I want to see an end to this. Kids shouldn't be used to propagate malwarez and if I was a band over at MySpace I'd be plenty ticked off about this, too.
  • by Opportunist (166417) on Thursday July 20, 2006 @04:47AM (#15748471)
    So that's what's meant by that term?

    (You know I've been waiting to say that for weeks now)
  • by Max Threshold (540114) on Thursday July 20, 2006 @05:33AM (#15748570)
    I encountered an ad which prompted me to download a file called 'exp.wmf'.

    Yes, it's an online dating site. No, I haven't met anyone on there yet. Shut up.

  • by TheLink (130905) on Thursday July 20, 2006 @05:36AM (#15748579) Journal
    Y'know unauthorized modification of a computer system and all that stuff?

    Tampering with 1 million computers without permission and AFAIK without good reason. Isn't that a serious criminal offense?

    That's what annoys me the most about all those "antihacker" crusades. Don't the same laws apply to spyware, unauthorized adware etc? Even Sony's DRM crap.

    But no, the FBI and other authorities round the world seem to prefer trying to jail people who are pretty harmless (like that brit looking for UFOs).

    If directors/owners of companies doing such stuff were sent to jail (or even seriously threatened with jail), you'd see a lot less spyware or nasty adware around.

    Instead there's one law for the small stupid amateur and another law for the incorporated pros.

    And that is the real reason why there's so much spyware around. Not because users are clueless (even though they are) or click on attachments without thinking.
  • by Frightening (976489) on Thursday July 20, 2006 @06:05AM (#15748626) Homepage
    Most people on MySpace have so much spyware to begin with that no change was noticed in their daily activity.

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...