Users of the free version of online music service Spotify have been warned that some of the ads they see, shown as part of the agreement to use the service, contain links to malware.
Security firm Websense claims the site has been running a number of ads which lead to websites that infect users with a Windows Recovery fake anti-virus (AV) application.
Displayed inside the Spotify application, the ads appear to be targeting users in the UK and Sweden.
One security expert warned: “This means that it is enough that the ad is just displayed to you in Spotify to get infected, you do not even have to click on the ad. So if you had Spotify open, but running in the background, listening to your favourite tunes, you could still get infected.”
Once the ad is displayed, it connects to hxxp://uev1.co.cc, where the exploit kit tries several exploits, including ones targeting Adobe Reader and Acrobat, to infect the user.
The IP address where the malicious content is hosted is well-known, and Websense Security Labs has seen it host the same exploit kit on other domains.
The fake AV installs a rootkit, a type of malicious software; only four out of 43 antivirus engines detect it, according to VirusTotal.
Spotify removed all third-party ads in the free version while it carried out an investigation, but the ads have now been turned back on, said Websense.