Either way, an alert coming from a randomly generated subdomain name is suspicious. This is more to let you know that your software might have a problem. The rest of us will just block that domain and move on.
Definitely a wise move to block the domain. TBH, I didn't see the ad, nor was I warned by Avast. I didn't have my player on much yesterday, and my hosts file may or may not have blocked it had it reached me.
What I also see as suspicious is that only AVG and Norton identified the problem. If this were indeed a threat, I would expect more than only those two programs to pick it up.
I wouldn't be so quick to blame Spotify directly, but more likely doubleclick.net, the supplier of most of the ads. When you add all of their various domain names to your hosts file, you'll see a blank space where the ad would be, and the URL is listed in the space. I feel comfortable with my hosts file adding an extra layer of protection to the AV software. If doubleclick.net was indeed the source, hosts would have caught it before it reached the AV scan. And maybe it did, for all I know.
And it wouldn't be a bad idea to run scans using both Malwarebytes and SuperAntiSpyware to be on the safe side. I'm going to do that myself. Both have free editions and remove any infections 99% of the time.
I just received an AV warning. Avast said it was from freefilesdownloader dot com. Some googling didn't lead me to anything definitive, but there is a 2 page thread on it at an avast support site. It also mentions myvnc.com. The case is ongoing, last post yesterday, currently unresolved. The poster apparently received the suspected infection from Facebook while playing Farmville.
Maybe someone smarter than me can draw some conclusions.
I opened the freefilesdownloader site in a sandboxed browser, and it prompted me to download a file, api_downloader.exe.
I got to the above thread by searching for that filename on yahoo.com. I didn't save the file, though I probably should have in order to scan it. The experts at Avast seemed to think it MAY be a rootkit of some sort, but again, NOTHING DEFINITIVE, still ongoing. Everything in my sandbox scanned clean.
I might go back to download that file and run it to see what happens. If anyone else chooses to do this, make certain you do so in a SANDBOXED ENVIRONMENT ONLY.
Ok, so I was on Spotify and my antivirus popped up, and this is the msg I got on the bottom. I really want to remove Spotify at this moment.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
8/2/2013 3:39:17 PM,High,An intrusion attempt by yacrubn.myvnc.com was blocked.,Blocked,No Action Required,Web Attack: Malicious Website Accessed 2,No Action Required,No Action Required,"yacrubn.myvnc.com (220.127.116.11, 80)",yacrubn.myvnc.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvDheVQzm+YhzfWz1MPnw1S6zBdyf4decWlyaN3Dgb24q6ByoM=,"IANMAYO (192.168.0.10, 55335)",18.104.22.168 (22.214.171.124),"TCP, www-http"
Network traffic from yacrubn.myvnc.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtvDheVQzm+YhzfWz1MPnw1S6zBdyf4decWlyaN3Dgb24q6ByoM= matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME5\USERS\IAN TROLOLO MAYO\APPDATA\ROAMING\SPOTIFY\SPOTIFY.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
Are you using free Spotify with ads? If so, it sounds like you're seeing what others are reporting in this thread. Please confirm one way or another so I can move your post to the other thread as it will help to keep similar issues together.
Spotify is aware of the reports and is investigating.
In XP the hosts file is located in c:\windows\system32\drivers\etc.
It should be somewhere similar in the newer versions.
Edit the file in notepad, and make sure you save the file as "hosts" with no extension, and NOT hosts.txt. DOUBLE CHECK THE FILE EXTENSION. IT CAN'T HAVE ONE IN ORDER TO WORK. AT ALL.
I downloaded and ran the infected file in question the other day, sandboxed of course, and you'll get your browser home page hijacked, your default search engine changed, and some weird file downloader program called iPumper installed. They don't seem to cause any serious damage, but like a lot of spyware/malware, these are tough to clean.
I didn't catch a screenshot of the ad, but it had a graphic that looked like this.
If you see it and your virus protection doesn't catch it, immediately hit the reset switch on your computer. I have no idea if it downloads automatically or if you actually have to click on the ad. My AV caught it.
Only Free Users should be affected by this. I sent a more detailed report to Peter. Everyone is well aware of what's going on. Spotify is working to remedy the problem. [I still like the on/off switch idea though]
Yes, I know, no one should get this in the first place, but let's not escalate the situation.
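An added example, not part of any post in this thread: a small Python check of what a hosts file actually covers, relevant to the hosts-file advice and the randomly generated myvnc.com subdomain discussed above. The sample hosts content, the `cdn7.doubleclick.net` name and the function names are constructed for illustration; it assumes the first mapping for a name wins.

```python
import ipaddress

# Addresses commonly used to null-route a hostname in a hosts file.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

def parse_hosts(text):
    """Return {hostname: ip} for every well-formed entry in hosts-file text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first field must be an IP
        except ValueError:
            continue                             # malformed line is skipped
        for name in fields[1:]:
            # Assumption: keep the first mapping seen for a name.
            entries.setdefault(name.lower().rstrip("."), fields[0])
    return entries

def is_sinkholed(hostname, entries):
    """Hosts lookups are exact-match: no wildcards, no parent-domain match."""
    return entries.get(hostname.lower().rstrip(".")) in SINKHOLES

def uncovered(observed, entries):
    """Hostnames seen in alerts/logs that the hosts file does NOT block."""
    return [h for h in observed if not is_sinkholed(h, entries)]

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     doubleclick.net ad.doubleclick.net
0.0.0.0     myvnc.com        # does not cover subdomains
"""

# yacrubn.myvnc.com is from the alert in the thread; cdn7 is constructed.
OBSERVED = ["ad.doubleclick.net", "yacrubn.myvnc.com", "cdn7.doubleclick.net"]

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in uncovered(OBSERVED, table):
        print("not blocked by hosts file:", host)
```

Because matching is exact, an entry for `myvnc.com` does nothing for a randomly generated subdomain; blocking those needs a DNS-level or firewall rule rather than the hosts file.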