14 DAY TRIAL // iDefense, a Verisign company has revealed the findings of a study involving a Windows related security vulnerability exploit. The statistics took into account data related to MySpace.com and other Websites that run a hacked online advertisement banner. As a result, an estimated million of users that were browsing these sites with unpatched versions of Windows OS had their machines compromised.
The exploit is tied to a security vulnerability for which Microsoft has released security updates since January. The flaw refers to the manner in which Windows renders WMF (Windows Metafile) images, allowing attackers to install malicious invasive software on unpatched versions of Windows OS.
In this case, the malware was disguised in an ad for DeckOutYourDeck.com. On the machines that lacked the WMF patch, Windows has downloaded a Trojan meant to install malicious software in the PurityScan/ClickSpring family of adware. The Trojan enables the user with pop-ups while browsing and records his surfing habits while trying to download additional malware.
Further analyzing the Trojan's behavior, researchers have discovered that the program attempted to connect to a Russian language server in Turkey. This server was keeping track of the number of compromised machines, and at the time of its discovery it had counted 1.07 million infected devices.