We speculated on this last week. It’s true.
From the FTC:
Outfit Used Unsuspecting Bloggers to Spread its Malicious Code
An operation that uses the lure of free lyric files, browser upgrades, and ring tones to download spyware and adware on consumers’ computers has been ordered to halt its illegal downloads by a U.S. District Court at the request of the Federal Trade Commission. The court also halted the deceptive downloads of an affiliate who helped spread the malicious software by offering blogs free background music. The music code downloaded by the blogs was bundled with a program that flashed warnings to consumers who visited the blog sites about the security of their computer systems. Consumers who opted to upgrade by clicking, downloaded the spyware onto their computers. The court has frozen the organization’s assets pending a further hearing. The FTC will seek to bar the deceptive and unfair practices permanently and require the operators to give up their ill-gotten gains.
The FTC complaint alleges that the Web sites of the defendants and their affiliates cause “installation boxes” to pop up on consumers’ computer screens. In one variation of the scheme, the installation boxes offer a variety of “freeware,” including music files, cell phone ring tones, photographs, wallpaper, and song lyrics. In another, the boxes warn that consumers’ Internet browsers are defective, and claim to offer free browser upgrades or security patches. Consumers who download the supposed freeware or security upgrades do not receive what they are promised; instead, their computers are infected with spyware.