A MySpace banner ad used the WMF exploit to install intrusive adware onto thousands of PCs.

The banner, advertising DeckOutYourDeck.com, contained a windows metafile cheekily named "exp.wmf" which used a buffer overflow to trigger the adware downloader. All this was done without user intervention, simply visiting a site installed intrusive adware with many pop-ups.

This is not necessarily the fault of MySpace, rather the fault of the banner ad provider. This is yet another way for miscreants to get malicious code onto "trusted" sites.

Whilst the WMF flaw is patched, and many AV products already pick it up, this exploit still succeeded - a testament to the number of poorly protected PCs out there.

Altravision's  ASF and EIM allows adverts to be blocked - saving bandwidth and mitigating attacks such as these. Coupled with limitations on browsing, a strong AUP and both host and network AV, most organisations should be able to minimise this threat.

Read the story at Washington Post.