Spotify Becomes Latest High Profile Inadvertent Malware Distributor

Yet another example of why even the savviest of Internet users need to keep their anti-malware software current and fully working. Spotify, the popular European streaming service, discovered that it was inadvertently serving ads that were laced with malware.

The ads were served to the Spotify Windows desktop application by a third-party server. The company quickly pulled all third-party-hosted ads—cutting the head off the monster, if you will.

Spotify also says that users with anti-malware software weren’t affected since the software worked. Of course, people with premium Spotify accounts didn’t see the infected ads.

Websense first discovered the attack on March 24, and it makes use of the fairly common Blackhole Exploit Kit.

This is hardly the first time a big company has been caught inadvertently serving malware’d ads. The Drudge Report was caught serving bad ads last year, and ESPN similarly found itself serving malware. I seem to recall this very site having an issue with third-party ad servers, too.

For the hundredth time: keep that software up-to-date.

Failing that, use Lynx. The Web probably looks better that way, too!