Spotify has been displaying malicious ads
Posted on 28.03.2011
Streaming music service Spotify has been displaying malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application.


Patrick Runald, Websense Security Labs, comments: "Malvertising is nothing new, but this case is slightly different. Usually malicious ads are displayed as part of a website and viewed with the browser. In this case the malicious ad is actually displayed inside the Spotify application itself. This means that it's enough that the ad is just displayed to you in Spotify to get infected, you don't even have to click on the ad itself. So if you had Spotify open but running in the background, listening to your favorite tunes, you could still get infected."

Once the ad is displayed, a connection is made to uev1.co.cc, where the exploit kit tries several vulnerabilities, including a vulnerability in Adobe Reader/Acrobat, to infect the user.

The IP address where the malicious content is hosted is well known, and Websense Security Labs has seen it host the same exploit kit on several other domains.

The Fake AV installs a rootkit, a type of malicious software that is very hard to find (VirusTotal: only 4/43 antivirus engines detect it).

One interesting thing is that this appears so far to only target users in the UK and Sweden.

Spotify removed all third-party ads in the free version while they did their investigation, but the ads have now been turned back on again.




