Malware stopped the music at Spotify.com – especially for listeners in Sweden and the UK.
According to the avast! Virus Lab, the majority of Spotify users reporting the malware were in Sweden (59%), followed by a large group (40%) in the UK. The remaining 1% came from other countries. There were no reports from France – an interesting twist due to the large avast! user base there.
The poisoned ads were likely served up in specific geographic areas, resulting in the predominance of Swedish and UK reports. Geographic dispersal is a function of how and where Spotify operates as they don’t have the right to distribute music in the United States.
The malware was contained in a poisoned advertisement, with the PDF exploit “JS:Pdfka-gen [Expl]“, attempting to put a fake antivirus on visitors’ computers. According to VirusTotal, we were the first ones to detect the pdf. The attack took place during the week of March 21, 2011.
For a detailed report on the Spotify attack, read the websense.com report.