Lonely London Lad - Limiting Your Exposure to Malware on MySpace

Lonely London Lad Public Service Announcement: Limiting Your Exposure to Malware on MySpace

Limiting Your Exposure to Malware on MySpace

If you use MySpace enough, this scenario will be familiar to you: You go to post a comment, or read a MySpace Mail message, or view a photo, and suddenly a popup message appears telling you that your computer is infected with a virus, and in order to clean it, you should download software. Whether you choose to download it or not is irrelevant, because the software is installing itself, and before you know it you have a new icon in your system tray for software like "Antivir 2010" or "Antivirus Commander" or any number of similar-sounding applications. They propagate themselves on your computer, and are very difficult to get rid of. They basically try to annoy you via constant fake warnings and popups that you should pay for their software in order to get rid of all the "infections" that it detects, but the only infection is the malware itself.

MySpace offers no guidance on how to avoid them, or how to clean your system once you have them. So I, your friendly neighborhood experimental rock sensation, will do a public service here by offering some suggestions.

Why Does It Affect MySpace?

MySpace allows advertisers to use "rich content" in their advertisements, using a Microsoft technology known as ActiveX. An example of an ActiveX ad is the one with all the smiley faces that are all moving simultaneously, and which makes silly sounds when your mouse hovers over it. Because of known vulnerabilities in ActiveX, bad guys can hijack ads that use ActiveX to run their own evil software. So what happens when you go to a page to post a comment, for example, and suddenly see a malware popup, is that one of the ads that MySpace is running on that page is infected. MySpace runs so many of these ActiveX ads at any given time that your risk is relatively high, if you use MySpace enough, to encounter one of these sooner or later.

MySpace could make their website safer by not allowing rich content ads, but then they would make less money from advertisers. I don't have any proof that Myspace has such a policy, so don't want to cast any aspersions... however, it's a problem they surely know about and could solve rather than letting MySpace users deal with the fallout.

What You Can Do

There are a few ways you can protect yourself from, or reverse the damage caused by, these malware applications.

The best solution, I have found, is to install Norton Internet Security 2010 on your computer. I am not providing a link for this program, because I am not recommending it in a way that will benefit me financially (no affiliate link to Amazon, for example), but rather because it is a program that has worked for me in solving this problem. Norton will detect the malware when it launches, and will protect you from the threat. It is not a free program, so it's up to you whether paying for it is worth your peace of mind and your computer's health.

If you don't want to buy a commercial solution like Norton, there are some things you can do for free, but which aren't foolproof.

One of these things is to disable ActiveX from running in your web browser when you use MySpace (in Internet Explorer, go under Tools|Options|Security|Custom Level, scroll down the window until you see "Run ActiveX controls and plug-ins", and click "Disable", then "OK", and "OK" again). Note that this solution will mean that certain core features of MySpace will not be available to you.

If you suddenly get infected with malware, you can also use the "restore" command (in Windows, anyway) to revert your computer to a point before the infection hit it. Depending on what you were doing when the infection hit, this solution may mean losing some data (if you were working on a letter, for example, after the "safe point" and before the infection hit, you will lose that letter unless you email it to yourself or save it on another computer before restoring your system).

You can also petition MySpace to do something about these dangerous ads. You may have some leverage, since Myspace doesn't want to lose more people to the competition, and it's not a cool policy to allow rogue software to operate freely within your community.

What I Can Do

I can start digging myself out of the meter of snow that has accumulated outside the Lad Pad, and stop writing these blogs. I hope the above saves you some time and aggravation.