A malicious banner ad on MySpace.com has been downloading a Trojan horse on to unsuspecting site visitors, says Internet security company iDefense.

One of its analysts, Michael La Pilla, noticed the ad for Deckoutyourdeck.com because his browser asked him if he wanted to open an exp.wmf file.

The Trojan horse that exploits a WMF weakness in Internet Explorer that was patched at the very beginning of this year.

However, users who haven't been vigilant in downloading Microsoft's security updates would not have received a warning that the virus was downloading itself.

The Trojan downloads malware, tracks internet usage and causes the infected computer to be flooded with pop-up ads.

The iDefence expert has determined that at least 1.07 million computers are infected with the Trojan.

As Alexa puts MySpace as the sixth most-popular site on the Web, it's unsurprising that so many computers have been infected.

The defense against this sort of attack is so simple; just keep downloading Microsoft's security patches.


The Washington Post