February 26, 2010

GROOVESHARK – MALWARE WARNING

grooveshark

Be careful out there!

I went to Grooveshark tonight to listen to some music. (Here’s what I wrote about Grooveshark recently. For obvious reasons, I’m not going to link directly to the site tonight.)

Within a few seconds, the Internet Explorer window vanished and was replaced by a typical malware window claiming that my computer was infected with terrible diseases.

The malware came from a poisoned advertisement. Web sites that display advertising don’t put the ads there individually. Instead, they sign up with an ad network that’s responsible for supplying the ads to fill a space on the page. Here’s an admission in a Grooveshark forum that they’ve been battling poisoned ads for at least the last month. The last official response was a reassurance that “we have caught the culprit(s)!” Nope, apparently not.

nytimesmalware

Unfortunately, this is not limited to Grooveshark (which was perfectly safe and well-behaved when I went back to it and got a legitimate Mazda ad instead of the poisoned ad). Last fall the New York Times home page briefly served up poisoned ads, and it has happened – and can happen – to any legitimate web site with advertisements.

Let’s focus again on the relevant rule for safe computing:

If a web site brings something up on your screen that might be malware, do not click on anything. If you click “NO” or “CANCEL,” there is a good chance that they lied and you actually gave permission to install the malware.

  • If there is any chance that a dodgy web site is on the verge of installing a bad thing on your computer, start Task Manager and kill Internet Explorer from the list of applications there. 
  • If that’s not sufficient to close the possible malware window, see if you can identify it in the longer list of “Processes” in Task Manager.
  • If neither of those work and you still have a window onscreen that might be dangerous, turn your computer off with the power button.

You can open Task Manager by hitting Ctrl-Alt-Del, or by right-clicking on the taskbar on the bottom of the screen and clicking on Start Task Manager.

taskmanager

If you think Internet Explorer is displaying a malware window, kill all instances of iexplore.exe on the Processes tab.

taskmanagerkillie

Tonight I killed all running instances of Internet Explorer, the malware window closed, and life went on normally.

Have I mentioned it lately? Be careful out there!

Posted by Bruce Berls in IE, security
1 Comment
« CONFIDENTIAL FOLDERS IN SMALL...
TALES OF WOE: HARDWARE DEPT. »

One Response to “GROOVESHARK – MALWARE WARNING”

  1. bruceb consulting – news » TIDAL WAVE OF MALWARE Says:
    March 23rd, 2010 at 8:54 am

    [...] web site to briefly deliver poisoned ads last fall; it’s what caused me to run into a bit of malware on Grooveshark last month; it’s what took down the computers I worked on [...]