Free version of Spotify infects users with malware

vbimport

#1

We’ve just posted the following news: Free version of Spotify infects users with malware

The free version of the popular music streaming site, Spotify, showed malicious advertisements to its users. According to reports the Spotify Free app will launch the default browser and open several websites serving malware.

Read the full article here: [http://www.myce.com/news/free-version-spotify-infects-users-malware-80595/](http://www.myce.com/news/free-version-spotify-infects-users-malware-80595/)

Please note that the reactions from the complete site will be synched below.

#2

It’s not the first time Spotify infects users with malware; in 2011 the streaming service apologized for serving malicious advertisements to its users.
This tells all what we need to know. It’s about the bottom line and F(&*& the users. They only admit it when caught and go right back to business as usual when people aren’t looking.


#3

^ like what else is new :wink:

In other words, we should never stop looking, anyone caught having to apologize only represents the tip of the iceberg. On the bright side, they survived under the radar for five years, not bad at all :bigsmile:

On a serious note, it goes to tell us all that we have to suspect that any site we access by app or by browser, quite possibly is malicious… Like I said before, I surf even this site on a VM accessed from a sandboxed VNC session working as a KVM only. Furthermore, the actual browser session to this site is sandboxed on the VM as well.
Still, it is not like I don’t trust this site and the intentions and work put into it, I really do. I don’t trust technology however and so I apply security against the unknown as a precaution.
The same goes for the few times I enter Spotify, sandbox-VM-Sandbox-Spotify. The difference being that the VM entering Spotify and loads of other places is deleted every 90 days compromised or not whereas this one is permanently activated and permitted to live unless compromised (so far not compromised… to my knowledge).

Personally I think people are way too trusting…


#4

[QUOTE=Xercus;2781791]^ like what else is new :wink:

In other words, we should never stop looking, anyone caught having to apologize only represents the tip of the iceberg. On the bright side, they survived under the radar for five years, not bad at all :bigsmile:

On a serious note, it goes to tell us all that we have to suspect that any site we access by app or by browser, quite possibly is malicious… Like I said before, I surf even this site on a VM accessed from a sandboxed VNC session working as a KVM only. Furthermore, the actual browser session to this site is sandboxed on the VM as well.
Still, it is not like I don’t trust this site and the intentions and work put into it, I really do. I don’t trust technology however and so I apply security against the unknown as a precaution.
The same goes for the few times I enter Spotify, sandbox-VM-Sandbox-Spotify. The difference being that the VM entering Spotify and loads of other places is deleted every 90 days compromised or not whereas this one is permanently activated and permitted to live unless compromised (so far not compromised… to my knowledge).

Personally I think people are way too trusting…[/QUOTE]
To me I surf this site from home with PC host edits and don’t worry about adware or popup links but from work I have to go with what they have. :sad:


#5

[QUOTE=Xercus;2781791]I surf even this site on a VM accessed from a sandboxed VNC session working as a KVM only. Furthermore, the actual browser session to this site is sandboxed on the VM as well.[/QUOTE]

You’re carelessly assuming that this site has actual human users instead of being entirely populated with malicious AI bots intent on messing with your mind… and it’s sandboxed inside the same Matrix as you are.

You need more tinfoil and a red pill, or alternatively a blue pill! :cool:


#6

[QUOTE=DrageMester;2781796]You’re carelessly assuming that this site has actual human users instead of being entirely populated with malicious AI bots intent on messing with your mind… and it’s sandboxed inside the same Matrix as you are.

You need more tinfoil and a red pill, or alternatively a blue pill! :cool:[/QUOTE]

Just because I’m paranoid doesn’t mean they’re not after me

It is a question of detaching by virtualisation layers and isolating yourself as much as possible from the technology in the name of proactive security. After all, before discussing bots and users, a site is just software (with known and unknown vulnerabilities), some config/lot of work (prone to human error), 3rd-party ad servers (prone to hacking) and so on. In other words a multitude of possibilities for anyone with ill intent… and the approach could have saved a lot of work in the case of Spotify.

As Homer Simpson did put it: “…now I have to face stupid reality again”


#7

Could someone remind me again why ad blockers are so popular? Oh, that’s right. Anyway…

Spotify reports it’s investigating the issue and asks users that also suffer from the issue to report it.
I wonder how hard it is to “investigate” this issue and fix it. I’m going to guess it’s almost as easy as not serving up malware in the first place. Seriously, is it that hard to screw with your customers? Where on earth does all this temptation to infect people come from? I’m certainly glad I just buy used CDs and rip them to whatever device I darn well feel like (without executing AutoRun), otherwise I’d have to put up with this BS myself.