Here’s another case to illustrate the importance of installing security updates, installing them in a timely manner, and installing not just OS updates, but those for third-party software applications as well.
Taking advantage of system vulnerabilities — most often the result of missing, or uninstalled, patches — malware authors are continually taking advantage of websites that have significantly high traffic (and this everyone knows) to target unsuspecting users.
Social networking site MySpace is reportedly said to be laced with banner ads that install malicious programs and files. Trend Micro detects some of these files as employing encryption similar to known variants of RBot, SDBot, and SPYBot malware.
This would not be the first time that MySpace has been compromised.
In November last year, TrendLabs analysts found pages of the social networking site embedded with codes that redirect users to malicious sites.
Similar banner ads were found on the popular search portal Excite.com. Brian Krebs of the Washington Post wrote that there are ads on the Web site containing malicious code, which redirects users to a page that tries to install a malware informing users of a bogus system infection, and then urges them to purchase the software that can “clean” the supposed infections.
The German Web site Blick was reported to have these same malicious banner ads as well.
Social networking sites have been targets of malware authors for a while now because of the large number of people who use them. Users are always reminded to exercise caution in their social networking activities online. And again, everyone is reminded to install all the necessary patches once they are available.