Spotify Users Suffer Drive-by Malware Attacks

By Author: eccuni
Total Articles: 211
Comment this article

Websites rely on third party advertisements to offer free services to the customers. Advertisements may come in the form of pop-up ads, banner ads, floating ads and video ads among several others. However, these advertisements could be misused by cybercriminals to install malware in user's computers. Recently, cybercriminals targeted Spotify user's with malvertizing attacks. In case of malvertizing, attackers insert or modify a code in the advertisement to exploit flaws in web browser code. They avail the services of popular online advertising networks for propagating the malware. Spotify is a popular online music service in European countries. Users of the free ad-supported version have the facility to listen to their favorite songs online. When unwary users clicked on some of the third party advertisements placed on the site, they also inadvertently downloaded malware on their computer systems. Attackers reportedly exploited a Java vulnerability to insert malicious code into vulnerable systems. The advertisements with malicious code may entice users with attractive offers, interesting news article, free downloads and fake ...
... anti-virus software. When users click on the links placed in the advertisements, they may also be redirected to fake website or require users to download software to view the advertisement. Internet security firm Sophos has also reported the existence of a malware spreading advertisement on Facebook, which was quickly rectified by the social networking site.

Attackers may exploit vulnerabilities in website through malvertizing, drive-by malware, SQL injection and iframe injection attacks. Website owners must review the security of the website regularly to identify vulnerabilities and threat vectors. They must also verify the procedures followed by third party advertising networks to evade malicious links and misuse of advertisements. Employees could be educated on various online threats, preventive and remedial measures through training sessions, refresher courses, online university degree and e-learning programs.

Online service providers may avail the services of IT professionals qualified in secured programming, masters of security science and security certifications to strengthen the defenses against online threats. Organizations may install web filtering technologies to prevent unintentional download and propagation of malware in computer systems and networks.

They must install and regularly update anti-virus and anti-malware solutions. Security software must be downloaded directly from the website of a legitimate developer rather than by clicking on links in pop-ups. They must be wary of visiting unknown third party sites to download software. Users must constantly update software products to avoid exploitation of vulnerabilities. They must be wary of clicking on third-party advertising links on websites. E-brochures, videos and online degree programs could be used to enlighten Internet users on different security threats and Internet safety tips.