Online banner ads running on MySpace.com and web sites infected more than one million users with adware, according to net security firm iDefense.
The attack exploited a Windows Metafile (WMF) exploit, fixed by Microsoft in January, to infect vulnerable Windows machines with malware from PurityScan/ClickSpring family of adware. The malware surreptitiously tracks internet usage while bombarding infected users with pop-up ads.
The banner ad that played a staring role in the attack ostensibly advertised a site called deckoutyourdeck.com. In reality, machines were directed to Russian-language website in Turkey, which tracked the number of times adware programs were downloaded, the Washington Post reports.
Data on the site suggested that the adware had been installed on 1.07m PCs, a huge figure that equates to a big payday for the unknown perpetrators of the attack and plenty of pain for ordinary surfers. ®