Spotify Ads infected by viruses?

Reply

Re: Spotify Ads infected by viruses?

Rollo_
Roadie
calvert wrote:

Either way, an alert coming from a randomly generated subdomain name is suspicious. This is more to let you know what your software might have a problem. The rest of us will just block that domain and move on.

Definitely a wise move to block the domain.  TBH, I didn't see the ad, nor was I warned by Avast.  I didn't have my player on much yesterday, and my hosts file may or may not have blocked it had it reached me.

 

What I also see as suspicious is that only AVG and Norton identified the problem.  If this were indeed a threat, I would expect more than only those two programs to pick it up.

 

I wouldn't be so quick to blame Spotify directly, but more likely doubleclick.net, the supplier of most of the ads.  When you add all of their various domain names to your hosts file, you'll see a blank space where the ad would be, and the URL is listed in the space.  I feel comfortable with my hosts file adding an extra layer of protection to the AV software.  If doubleclick.net was indeed the source, hosts would have caught if before it reached the AV scan.  And maybe it did, for all I know.

 

And it wouldn't be a bad idea to run scans using both Malwarebytes and SuperAntiSpyware to be on the safe side.  I'm going to do that myself.  Both have free editions and remove any infections 99% of the time.

Re: Spotify Ads infected by viruses?

Rollo_
Roadie

I just received an AV warning.  Avast said it was from freefilesdownloader dot com.  Some googling didn't lead me to anything definitive, but there is a 2 page thread on it at an avast support site.  It also mentions myvnc.com.  The case is ongoing, last post yesterday, currently unresolved.  The poster apparently received the suspected infection from Facebook while playing Farmville.

 

http://forum.avast.com/index.php?topic=130268.15

 

Maybe someone smarter than me can draw some conclusions.

 

I opened the freefilesdownloader site in a sandboxed browser, and it prompted me to download a file, api_downloader.exe. 

 

I got to the above thread by searching for that filename on yahoo.com.  I didn't save the file, though I probably should have in order to scan it.  The experts at Avast seemed to think MAY be a rootkit of some sort, but again, NOTHING DEFINITIVE, still ongoing.  Everything in my sandbox scanned clean.

 

I might go back to download that file and run it to see what happens.  If anyone else chooses to do this, make certain you do so in a SANDBOXED ENVIRONMENT ONLY.

Some virus from Spotify

LuigiWizletitz
Casual Listener

Ok so just so I was on Spotify and my anti virus popped up and this is the msg I got on the bottom. I really want to remove Spotify at this moment 


Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
8/2/2013 3:39:17 PM,High,An intrusion attempt by yacrubn.myvnc.com was blocked.,Blocked,No Action Required,Web Attack: Malicious Website Accessed 2,No Action Required,No Action Required,"yacrubn.myvnc.com (212.7.195.120, 80)",yacrubn.myvnc.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvDheVQzm+YhzfWz1MPnw1S6zBdyf4decWlyaN3Dgb24q6ByoM=,"IANMAYO (192.168.0.10, 55335)",212.7.195.120 (212.7.195.120),"TCP, www-http"
Network traffic from <b>yacrubn.myvnc.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvDheVQzm+YhzfWz1MPnw1S6zBdyf4decWlyaN3Dgb24q6ByoM=</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME5\USERS\IAN TROLOLO MAYO\APPDATA\ROAMING\SPOTIFY\SPOTIFY.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

Re: Some virus from Spotify

Joe
Community Legend

Are you using free spotify with ads? If so, it sounds like you're seeing what others are repoting in this thread. Please confirm one way or another so I can move your post to the other thread as it will help to keep similar issues together.

 

Spotify is aware of the reports and is investigating.

Re: Some virus from Spotify

chmm87
Newbie

I just had the same problem

IP Addres - vproaft.myvnc.com (212.7.195.120)

vproaft.myvnc.com/index.php?c=RaENOjEayDF925cOxP3CC60zajgAjCT

 

Re: Some virus from Spotify

LuigiWizletitz
Casual Listener

Ok cool. I was really concerned and yes im using th free version

Re: Some virus from Spotify

Joe
Community Legend

Thanks for coming back :)

Re: Spotify Ads infected by viruses?

NinjaIzzi
Regular

Man, I haven't used spotify in days aaah

 

You guys should use the Spotify Player online to avoid any other damage these cursed ads will do to your PC. There's no image ads, just audio. It's pretty convenient.

Re: Spotify Ads infected by viruses?

Rollo_
Roadie

Maybe an ad moratorium is in order.  There must be an on/off switch somewhere.  ;)

 

Anyone reading this thread should add the following lines to their hosts file, whether you've run across the ad or not.

 

127.0.0.1 www. freefilesdownloader.com
127.0.0.1 www. myvnc.com
127.0.0.1 www. anyfiledownloader.com
127.0.0.1 3.webfilesdownloader.com
127.0.0.1 www. anyfiledownloader.com
127.0.0.1 www. downloadfileshere.com
127.0.0.1 www. downloadfileshere.co
127.0.0.1 www. filezdownloader.com
127.0.0.1 195.66.79.27

TAKE OUT THE SPACE AFTER THE "WWW."

EDIT:  Added these from the posts above

127.0.0.1 yacrubn.myvnc.com
127.0.0.1 vproaft.myvnc.com
127.0.0.1 212.7.195.120

 

 

In XP the hosts file is located in c:\windows\system32\drivers\etc

Should be somewhere similar in the newer versions

 

Edit the file in notepad, and make sure you save the file as "hosts" with no extension, and NOT hosts.txt.  DOUBLE CHECK THE FILE EXTENSION.  IT CAN'T HAVE ONE IN ORDER TO WORK.  AT ALL.

 

I downloaded and ran the infected file in question the other day, sandboxed of course, and you'll get your browser home page hijacked, your default search engine changed, and some weird file downloader program called iPumper installed.  They don't seem to cause any serious damage, but like a lot of spyware/malware, these are tough to clean.

 

I didn't catch a screenshot of the ad, but it had a graphic that looked like this.2013-08-01_155525_cr.jpg

If you see it and your virus protection doesn't catch it, immediately hit the reset switch on your computer.  I have no idea if it downloads automatically or if you actually have to click on the ad.  My AV caught it.

 

Only Free Users should be affected by this.  I sent a more detailed report to Peter.  Everyone is well aware of what's going on.  Spotify is working to remedy the problem.  [I still like the on/off switch idea though]

 

Yes, I know, no one should get this in the first place, but lets not escalate the situation.

 

keep-calm-and-edit-your-hosts-file.jpg

Re: Spotify Ads infected by viruses?

Joe
Community Legend

Thanks Rollo. Hopefully, Spotify will have some news on this issue "soon".

SUGGESTED POSTS