Announcements
The Spotify Stars Program: Celebrating Values Week!

Help Wizard

Step 1

NEXT STEP

Spotify Ads infected by viruses?

Spotify Ads infected by viruses?

Hello, just today I got an ad in spotify that was a fake windows security window (in the ad box) and said my computer was infected. I know virus fake that and am not saying my computer is infected. At first I just dismissed it cause it disappeared and said oh maybe my laptop has a virus (I don't have security on that laptop cause I hardly use it) and went on with my day. Just a few moments ago I saw an ad in spotify (on my secured Desktop) with a web address that said "failed to load..." I dont remember the full message but it listed a URL that looked very suspicious. Shortly after that ad disappeard Norton had come up and said 3 malicious attacks were blocked. This raised concern because it happened on a secure computer too. Luckily norton stopped the attacks. Could other users confirm whether this is happening to you as well or if it's just me. Please look into this Spotify as this is a security concern not only for me but I assume other users as well.

 

Thanks,

Brandon

 

EDIT!: I have dug into Norton and found the Web Address as well as the IP that tried attacking my computer. The web address blocked is the same as the one that popped up in my Spotify Ad bar at the bottom of the screen. Attached are the details from Norton.

 

[UPDATE - 2.09.2013]: We're happy to say we haven't seen any new or reoccurring reports of this so we're going to lock this thread. If you're experiencing any new issues, feel free to post a new thread in the appropriate board. Thanks everyone!

 

spotifyattacks.png
Reply
34 Replies

This is absolutely bull! I swear, if my computer is now infected by an ad that was displayed on spotify, I will sue!

That looks to be the same website that I was attacked by. Hopefully spotify will look into this and report back to us as soon as possible and we will have an answer soon.

I've never had a virus on this computer before, but now all the sudden I have two and i'm not even done scanning. Spotify, I swear to god, I will sue if ANYTHING is on this computer is caused by that ad hijack.

This just happened to me a little while ago, too. Norton blocked 2 attacks that sound exactly like what the original poster described. An "ad" appeared at the bottom with just a link against a white background, and I thought, "haha, that ad is glitching". Joke's on me. It was malicious.

 

I just got my free account yesterday and I'm very frustrated and disappointed. I was very excited to use the free version of Spotify. Now I'm afraid to, so forget about it! At least until I can do a monthly subscription, I'm not using the service anymore.

 

HI everyone!

 

Firstly, although I don't work for Spotify, I apologise for the inconvenience this will have caused you. I am going to escalate this to the staff so they can take a look as to why and how the virus ads got onto Spotify. Inappropriate ads are bad enough, let alone viruses!

 

Anthony 🙂

This post was by Taylor - I do not work for Spotify!
If this solved your issue - Mark it as a solution! If you like my post - Please add Kudos!
||  Spotify Profile - Taylor   |  Feel free to PM me - Here  ||

Hi everyone,

 

Thanks for letting us know about this. We'll get it looked into and we'll post back here as soon as we hear anything.

--------------------------------------------------------------

For common support questions, see support.spotify.com.
To judge my musical taste, check out my last.fm.

Thank you!

Yes, I have noticed the fake AV ad too.  It is something I did not expect from Spotify, but knew it was an malicious ad instantly.

Things like this, are very concerning.  With this going around, it makes me worry about personal information.  Is the Spotify database itself infected, putting our personal information at risk?

 

I own a Facebook page called Online Security Keeper, and provide support for virus removal, as well as speeding up a computer that is slower than it should be.

If anybody needs help, feel free to contact my page.

A good hosts file will block nearly all of the print ads, other than the ones that originate from Spotify.  I've noticed a lot of them originate from doubleclick.net.  I'll wager a guess that one of the ad suppliers has been compromised.

 

Spybot Search & Destroy will install one for you or try http://winhelp2002.mvps.org/hosts.htm

I use both.  My host file is 558kb and I don't notice any slowdown in browsing.  YMMV.

 

 

I had the same virus alert although a slightly different address.   Attached screenie...

 

spotify_virus_screenie.JPG

same crap. my avg just went off. Whats the deal spotify?

Do you by chance play Minecraft or similar online games?  MyVNC is a remote desktop sharing program, its available on a lot of the shareware software sites.  OTOH, myvnc.com is a dynamic DNS service site, which not unusual in itself, could possibly be masking the origin of a potential attack site.  Maybe.

 

Remember too that a lot of virus warnings are false positives.  One AV program may report a potential problem and another may not.  Their heuristics algorithms look for patterns of activity.  Some are more accurate than others.

Same here.

 

Capture.JPG

 

Symantec caught it.

Spotify just him me with this too, and A LOT of other people. see link, and discuss comments below:

 

http://www.avgthreatlabs.com/website-safety-reports/domain/myvnc.com/

 

You have a great app.  Maybe you should think about not getting most of your ad content served from the ass end of the internet.

Read my post above.  I don't see a single post at the AVG feedback site where any real threat was detected.

 

During the last 7 days potentially active malware was detected on a subdomain. However, no threats were detected on the main website. 

"potentially," and detected on a subdomain.

 

Just means the heuristics found something that appeared unusual.  Might be real, might not.  Inconclusive.  I wouldn't draw any conclusions from the comments thread.  Looks mostly like a lot of people screaming "the sky is falling."

Me too. Slightly different address than everyone else's, but still had the .myvnc in it. I didn't get to see the ad itself, I had spotify running in the background.

 

.

 

Norton managed to catch the IP: 212.7.195.120 which matches with everyone else's, so we're good. I trusted you spotify. (I'm still listening to music though) 

 

Wowee, thank god for Norton.

 

Hi I am also experiencing malicious like activity while using Spotify. Luckily Avast's netshield blocked access to a perhaps malicious spotify ad.

 

EDIT: I do not know how to break the links so I have put it in a code box to prevent anyone from accidentally clicking them if they are infact malicious

 

Spoiler

"

31.07.2013  23:24:59  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/download/1/91000/api ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/css/layout1/style.css ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/js/jquery-1.8.2.min.js ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/js/jquery.cookie.js ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/js/common.js ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/js/jquery.fileDownload.js ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/images/layout1/all_bg_2.3.jpg ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]
31.07.2013  23:25:00  Network Shield: blocked access to malicious site http://www.freefilesdownloader.com/images/layout1/ani.gif ([195.66.79.29]:80) [ C:\Users\*****\AppData\Roaming\Spotify\spotify.exe ( 2928 ) ]

"

 

 

 

 

I love spotify and would be dissapointed if it has been the cause of malicious attacks on my computer.

 

Last week I was sort of locked out of my computer. I could not start any programs and denied access when trying to look in my program files etc. I can go into this more if i need to.

 

Long story short I had to completely wipe my hard drive and install a fresh new copy of windows 8. I was just about to transfer money and activity like this concerns me greatly!!

 

I DID NOT download anything prior to this with an exception to Guild Wars 2 updates (computer game) through their updating services as well as a printer driver from Windows's device manager. Spotify WAS open and was the only thing that was working. It never crossed my mind that Spotify may be responsible for this...

 

I hope this gets sorted out, and if I can be of any more help, please, don't be afraid to ask.

 

 

 

Sounds to me like one of the ad companies that puts ads on Spotify has been subject to a malicious attack from someone, and is now distributing infected ads. But, as Rollo correctly states, there is also the chance that it is a false positive, as some heuristic algorithms are far better and more reliable than others.

So I wouldn't really confirm it is a virus until more than just Norton and avast give a virus alert. AVG just says potential, so that doesn't count. Anyone want to try downloading something like Malwarebytes and giving it a whirl with that instead? I personally think Malwarebytes is a far more reliable source than Norton, but let's not turn this into an AV war.

 

Nevertheless, hopefully it will be fixed soon!

 

Anthony 🙂

This post was by Taylor - I do not work for Spotify!
If this solved your issue - Mark it as a solution! If you like my post - Please add Kudos!
||  Spotify Profile - Taylor   |  Feel free to PM me - Here  ||

Either way, an alert coming from a randomly generated subdomain name is suspicious. This is more to let you know what your software might have a problem. The rest of us will just block that domain and move on.

Suggested posts