IE security flaws are used to spread adware

Security firm iDefense has warned that more than one million MySpace.com users and some other websites have been infected with a dangerous adware.

The adware was distributed primarily through an ad for the deckoutyourdeck.com website that appeared on the account management page on MySpace website, Ken Dunham - an iDefense expert - warned.

The adware above exploits security flaws in how Internet Explorer handles Windows Metafile image files (WMF).

The WMF security bug has been warned since December 2005 after hackers spread a malicious WMF image through email, instant messages and websites. If the user opens the WMF file, the embedded malicious code could allow hackers to take control of the user's system. So far, there have been a total of 600 websites targeting the WMF security bug, Dunham said.

Last January, Microsoft released a patch to fix the WMF security bug. Unfortunately, there are still many computer systems that users have not installed patches that make their system still completely open to hackers.

Therefore, systems that have not installed the patch have become the most vulnerable targets. Just visit a website that contains deckoutyourdeck.com banner ads, these systems will be infected with a trojan immediately. If the system has installed the patch, the warning system will have the "exp.wmf" file downloaded, Dunham said.

Once the trojan is activated, it will cause the infected system to connect to a host of other websites to download a lot of other malware, including PurityScan adware. This is a software that constantly pops up advertising windows on the screen and records all online activities of users.

PurityScan adware is difficult to remove, it requires technical knowledge.

iDefense estimates that there are now about 1.07 million computers infected with the malware, warning users to quickly install security updates and update security software updates. .

Hoang Dung