Spotify users hit by drive-by malware attack

UPDATED 25-03-2011 18:23

Spotify has located the rogue advert and excised it from its platform, making the music flow safely once again. See the final paragraph for the company's latest comment.

Popular music-streaming service Spotify has been giving its users more than they bargained for after adverts on the service were found to be installing drive-by malware on victims' computers.

The attack, first noticed by web monitoring firm Netcraft, appears to have been under way for the last twenty-four hours, with users of the company's streaming software receiving unwanted malware from the adverts streamed alongside the music.

According to the company, at least two distinct strains of malware have been detected thus far: a Trojan horse that attempts to open a back door to the system, and a generic exploitation toolkit that aims to enhance the permissions available to installed malware. Both are thought to target only systems running Windows.

The free streaming service generates revenue in two ways: paid membership and advertising. While those who have coughed up for a Premium membership are protected from the attack by dint of not receiving adverts in the first place, free users have been receiving the malware for at least a day.

"We're currently investigating and have pulled all third-party display ads that could have caused the problem until we locate the specific advert," a Spotify spokesperson told us at the time.

Since then, the company has been successful in finding and removing the rogue advert, and claims the issue is now resolved. "We sincerely apologise to any users affected," the spokesperson told us. "We'll continue working hard to ensure this does not happen again and that our users enjoy Spotify securely and in confidence."