Hacked MySpace Server Infects a Million Computers with Malware
According to The Washington Post:
An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows….
Clever attack.
EDITED TO ADD (7/27): It wasn’t MySpace that was hacked, but a server belonging to the third-party advertising service that MySpace uses. The ad probably appeared on other websites as well, but MySpace seems to have been the biggest one.
EDITED TO ADD (8/5): Ed Felten comments.
Pat Sutlaw • July 24, 2006 7:44 AM
The last line is provocative (deliberately?)
Was the attack really that clever?
1. The attacker relied on machines not patched for months.
2. They got caught.
I think a really ‘clever’ attack would avoid 1 and 2.