Spotify has been displaying malicious ads
Posted on 28.03.2011
Streaming music service Spotify has been displaying malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application.


Patrick Runald, Websense Security Labs, comments: "Malvertising is nothing new, but this case is slightly different. Usually malicious ads are displayed as part of a website and viewed with the browser. In this case the malicious ad is actually displayed inside the Spotify application itself. This means that it's enough that the ad is just displayed to you in Spotify to get infected, you don't even have to click on the ad itself. So if you had Spotify open but running in the background, listening to your favorite tunes, you could still get infected."

Once the ad was displayed, the connects to uev1.co.cc where the exploit kit tries several vulnerabilities including a vulnerability in Adobe Reader/Acrobat to infect the user.

The IP address where the malicious content is hosted is well-known and the Websense Security Labs have seen it host the same exploit kit on several other domains.

The Fake AV installs a rootkit, a type of malicious software that is very hard to find ( virus total : only 4/43 antivirus engines detect it).

One interesting thing is that this appears so far to only target users in the UK and Sweden.

Spotify removed all 3rd party ads in the free version while they did their investigation but the ads have now been turned back on again.





Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //