<![CDATA[Spyware Drive-By on MySpace]]>A friend of mine was reinstalling one of his Windows machine just for the heck of it. For some reason, “Lord Ahriman” from the band “Dark Funeral” came up in our conversations. Google pointed us to “Lord Ahriman” MySpace page and both of us were looking at the page on our own computers. I was using my PowerBook G4 and he was using Internet Explorer on his newly installed Windows OS.

After a while Internet Explorer quit unexpectedly in the middle of Microsoft Update. Naturally, he restarted the computer. Right after that the Windows started acting weird. The “Start Menu” no longer functional, and we couldn’t go to Mozilla homepage.

Upon a brief inspection, we found a suspicious process named “ntsock.exe” running on his system. It turned out to be a spyware. He quickly downloaded AVG Anti-Spyware and managed to remove the spyware. The “Start Menu” finally worked normally, but the system was still unstable. Upon further inspections, we found yet another suspicious process named “username.exe“. It seems to be another piece of spyware.

We’re not really sure how we got the spywares in the first place. By the process of elimination, we concluded that the spywares were delivered through MySpace. It was a spyware drive-by on MySpace.

Anti-Spywares (free versions) for Windows
Spybot: Search & Destroyhttp://spybot.info/
Lavasoft: Ad-Aware Personal Edition SEhttp://www.lavasoft.com/
SpywareBlasterhttp://spywareblaster.info/
Microsoft Defenderhttp://www.microsoft.com/defender/
AVG Anti-Spyware Freehttp://free.grisoft.com/

]]>