Online banner ads running on MySpace.com and web sites infected more than one million users with adware, according to net security firm iDefense.

The attack exploited a Windows Metafile (WMF) exploit, fixed by Microsoft in January, to infect vulnerable Windows machines with malware from PurityScan/ClickSpring family of adware. The malware surreptitiously tracks internet usage while bombarding infected users with pop-up ads.

The banner ad that played a staring role in the attack ostensibly advertised a site called deckoutyourdeck.com. In reality, machines were directed to Russian-language website in Turkey, which tracked the number of times adware programs were downloaded, the Washington Post reports (http://blog.washingtonpost.com/securityfix/2006/07/myspace_ad_served_adware_to_mo.html).

Data on the site suggested that the adware had been installed on 1.07m PCs, a huge figure that equates to a big payday for the unknown perpetrators of the attack and plenty of pain for ordinary surfers. ®

Related stories

MySpace celebrity hacker downs hacking forum (7 December 2007)
http://www.theregister.co.uk/2007/12/07/myspace_celebrity_hack/
DoubleClick caught supplying malware-tainted ads (13 November 2007)
http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/
Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users (11 September 2007)
http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/
MySpace to be co-opted into Month of Bugs (20 March 2007)
http://www.theregister.co.uk/2007/03/20/myspace_momby/
MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
http://www.theregister.co.uk/2007/03/16/myspace_quicktime_exploit/
Silence and 'scareware' epidemic at MySpace (27 January 2007)
http://www.theregister.co.uk/2007/01/27/myspace_scareware_myscare/
Hackers debut Mac OS X adware (24 November 2006)
http://www.theregister.co.uk/2006/11/24/mac_os_x_adware/
VXers target online video (1 November 2006)
http://www.theregister.co.uk/2006/11/01/vxers_target_online_video/
MySpace phishing scam targets music fans (14 October 2006)
http://www.theregister.co.uk/2006/10/14/myspace_phishing_scam/
MS revokes 'adware' distributor's community award (10 October 2006)
http://www.theregister.co.uk/2006/10/10/ms_revokes_mvp_award/
Facebook mods controversial 'stalker-friendly' feature (8 September 2006)
http://www.theregister.co.uk/2006/09/08/facebook_climbdown/
Users protest over 'creepy' Facebook update (7 September 2006)
http://www.theregister.co.uk/2006/09/07/facebook_update_controversy/
Murdoch offers film/TV downloads (14 August 2006)
http://www.theregister.co.uk/2006/08/14/murdoch_sells_downloads/
Social sites a breeding ground for malware: report (10 August 2006)
http://www.theregister.co.uk/2006/08/10/social_sites_breed_malware/
MySpace for adults touts 18+ credentials (27 July 2006)
http://www.theregister.co.uk/2006/07/27/adult_myspace/
MySpace to songwriters: sell more shirts (19 July 2006)
http://www.theregister.co.uk/2006/07/19/myspace_royalty_snub/
Phishers aim to hook MySpace users (5 June 2006)
http://www.theregister.co.uk/2006/06/05/myspace_phishing_attack/
Teen hack suspects charged over MySpace extortion bid (25 May 2006)
http://www.theregister.co.uk/2006/05/25/myspace_hack_charges/
UK.gov repels zero day WMF attack (24 January 2006)
http://www.theregister.co.uk/2006/01/24/uk_gov_wmf_attack/
Zero-day holiday (5 January 2006)
http://www.theregister.co.uk/2006/01/05/secfocus_zeroday/
Windows users waiting for serious fix (3 January 2006)
http://www.channelregister.co.uk/2006/01/03/windows_meta_file_hack/
World+dog scrambles to fight Windows flaw (3 January 2006)
http://www.theregister.co.uk/2006/01/03/wmf_workaround/
Trojan alert over unpatched Windows flaw (29 December 2005)
http://www.theregister.co.uk/2005/12/29/wmf_trojan_alert/