Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Development
    • Networking

    Spotify Music Service Hit by Malware-Tainted Advertisements

    By
    Fahmida Y. Rashid
    -
    March 25, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Malvertisements reared their ugly heads again, this time for a free ad-supported digital-music service.

      Spotify, a Luxembourg-based digital-music service, was hit by malware distributed through a third-party ad network, according to a March 25 report from Netcraft, an Internet services company based in Bath, England. Malicious advertisements being displayed on the free version of Spotify, which is ad-supported, were dropping Trojans and other types of malware onto users’ computers, Netcraft said.

      Users started reporting the malware a day earlier, including Sean Collins, who wrote on Twitter, “Why has my virus scanner blocked an exploit threat from @spotify? Naughty Spotify, what are you trying to do?”

      Customer complaints began on March 24 and were still ongoing the morning of March 24. Spotify notified users via Twitter it had disabled the ads as it tried to identify the malvertisement.

      “We’ve turned off all third party display ads that could have caused it until we find the exact one,” Spotify posted on TwitterSpotify posted on Twitter.

      As of late March 24, Spotify was still investigating and looking.

      It is unclear whether there were multiple advertisements or if it kept evolving. At least one version of the attack on the music-streaming software used a Java exploit to drop malicious executable code on the victim’s computer, Netcraft said. According to Adam Hiscocks, a penetration tester who was affected, the malware was downloaded in the background without any user interaction with the ad.

      Java exploits are used very frequently in malvertising attacks, according to Dasient’s CTO Neil Daswani.

      Spotify customers on Twitter were helpful by posting the types of malware their antivirus scanners blocked, although many of them were unable to provide the exact ad link because the software had crashed shortly after the malicious ad was displayed. There were reports of fake antivirus and fake Windows Recovery tools.

      Avast’s free software identified a malicious PDF file and AVG’s antivirus software identified two different types of malware thus far, including a Trojan horse Generic_r.FZ. and a Blackhole Exploit Kit. All three were hosted on the uev1.co.cc domain. A WHOIS query indicates that domain no longer exists.

      Daswani noted this kind of incident illustrates how ad networks need to screen ads for malware or lose money. “Their customers will turn their ads off when there are malware problems,” Daswani told eWEEK. “By employing anti-malvertising defenses, both Spotify and their ad network can benefit-a win-win situation,” he said.

      Dasient’s latest Malware Update report found that the number of malvertisements jumped sharply in the fourth quarter of 2010, with more than 3 million impressions served per day.

      Visitors to the London Stock Exchange’s Website were hit by a similar attack in February when a third-party ad network served up malicious ads. Like the ads on Spotify, the London Stock Exchange ads automatically downloaded malware in the background, without requiring any kind of user interaction.

      Spotify said in a statement that Windows users running a free version of the service in the United Kingdom, Sweden, France and Spain were affected by the malvertisements.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×