PC Advisor has reported that iDefense has detected that at least one million users of MySpace.com and other websites have been infected with adware. The adware is spread through a banner advertisement promoting the site Deckoutyourdeck.com. Sites that distribute adware are paid based on the number of machines that get infected with the software, and hackers have subsequently created ways to spread it without user consent, thus increasing their payments.
Hackers are of vulnerability in Microsoft’s Internet Explorer, particularly in the way that it handles WMF (Windows Metafile) image files. The Explorer problem became evident back in December when hackers distributed a WMF image through email, IM links, and websites that, when opened, allow a hacker to gain control over a victim’s computer.
Microsoft subsequently issued a patch for the bug, but many users may be unaware of the problem, let alone the solution. When unpatched computers visit a page that features the Deckoutyourdeck.com advertisement, the banner causes the download of a Trojan program. Once the Trojan begins to run, infected machines begin to contact various websites and download advertising software from Purity Scan as well as other unwanted programs. Purity Scan causes pop-up windows to appear and tracks a user’s online activity.
Ken Dunham, director of the rapid response team at iDefense, said that it is possible that the banner has been active for weeks. There is currently a search to determine who is behind the adware, but because hackers frequently use false credentials when registering a domain name, Dunham said that inquiries remain clouded.