www.lyricspy.com installs spyware (only on windows systems, AFAIK) without any user interaction in internet explorer or firefox... probably in opera, too, but i don't have opera on this computer to test it...
how?
I just opened the page with a safe browser (Sam Spade 1.14) and I can't seem to find where it executes any javascript that may be malicious. All I've found is that the page was built originally as a Dreamweaver Template and they forgot to clean up the mess that it left behind, and some window resizing in the small amounts of javascript present.
Could >>1 please at least try to help source where this "spyware injection" occurs in the page's code?
i don't know... i just know i clicked on a link to that site from google (and firefox was the only program i had running and that was the only thing open in it) and the yellow bar popped up in firefox saying firefox prevented the site from installing spyware and then some "TSA Installer" appeared in the system tray... and when i killed the process the machine blue-screened... it took me half an hour to get all the junk off that machine... and i know none of it was on there before because i just reinstalled windows the day before and the computer was not used at all until today...
Spyware? What is this... spyware... you speak of?
(And people wonder why Mac users are so devoted...)
>>5
Another "TSA Installer" horror story:
http://www.dvd.reviewer.co.uk/forums/thread.asp?Forum=292&Thread=373560&Type=1&NewPosts=1
btw do you have a firewall?
Was the name of the file tsa.exe?
If so it's a spyware that monitors browsing habits and distributes the data back to the author's servers for analysis.
I'm half tempted to have a look myself....But not on this machine of course.
The page loaded fine...I really fail to see the issue with it, maybe you already had this spyware from another site?
shrugs
firewall, firewall, do you have a firewall?
I did some testing, and I didn't seem to catch anything from going to the front page in either IE or Firefox, on XP or ME. However, these computers do sit behind quite a big firewall. Also, you said you followed a Google link - did this happen on a subpage or on the front page? I only viewed the front page.
>no, i don't have a firewall
ok then that's one big vulnerability right there.
Install a firewall, for example ZoneAlarm.
Next question will be: what version of Windows do you use?
>>16
perhaps you can recommend a firewall that would be free for me to install on this machine? it's at the school where i work... and http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za says "ZoneAlarm is free for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions)."
also, i'm using windows 2000.
>also, i'm using windows 2000.
Is it up-to-date on security patches against direct attack viruses like Blaster/Sasser?
>>19 is me, as you can see from the ID... for some reason the cookie didn't get set when i posted before...
The next step would be to install a firewall.
I don't know any free firewall for non-personal use but if it's the school computer they should get/buy a firewall asap. Non-firewalled computers become zombie computers in no time nowadays.
Then if the attack still happens with the firewall in place, we can start looking for jpeg exploits and similar nasties. Tho if you have your security patches up-to-date the jpeg exploit is less likely.
Oh wait... which version of Firefox are you using?
firefox 1.0
Ah. Then we are back to the firewall.