Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking
    • PC Hardware

    Singers MySpace Page Hacked, Cleaned, Rehacked

    By
    Lisa Vaas
    -
    November 9, 2007
    Share
    Facebook
    Twitter
    Linkedin

      MySpace has been breached by an attacker whos planted malware and a fake codec on a number of musicians sites, most notably, that of Alicia Keys, a popular singer whose site was booby-trapped, cleaned up for a few hours and promptly rehacked.

      Exploit Prevention Labs Roger Thompson said in a Nov. 8 posting that MySpace fixed Keys page, which had been rigged with an HREF image reference to the co8vd.cn/s/ fake codec, within hours of EPLs having posted a videotape of the exploit.

      Hours after getting cleaned up, the site was once again crawling with malware that would snare anybody with an unpatched system who even came close to clicking on anything on the page. Thats because of a new twist that an EPL spokesman said hasnt been seen before: The HTML in the page contains some sort of very large image map that spans 8,000-by-1,000 pixels.

      “A click that slightly misses a control or link on the page ends up going to the exploit site,” Thompson said in his posting about the initial site compromise.

      The malware is being hosted in China and is installing rootkits and probably DNS (Domain Name System) changers, he said. DNS changers are the same thing being installed by a well-known family of Windows Trojans, the controllers of which have recently started targeting Macs as well.

      DNS changers are also a well-known calling card of the Russian Business Network, an infamous ISP that hosts a gamut of online nastyware, from child porn sites to money laundering.

      “This could easily be the same group that recently started watching for Mac users and offering a Mac Trojan as needed, and if thats so, will also add to the effectiveness of the attack,” Thompson wrote.

      The original hack—to the co8vd.cn/s/ HTML image reference—disappeared from the HTML after MySpace cleaned it up, only to be replaced with a similar HREF image reference, to acilot.cn/s/, within a few hours of being clean.

      When a visitor visits the infected page, theyre first hit by an exploit that installs malware in the background if their system is not fully patched against the latest security vulnerabilities. The victim is next presented with the fake codec, with a message telling them they need to install a codec to view the video. The attack is thus multilayered and still has a chance to ensnare users with fully patched systems if they click on the fake codec.

      The chance that a MySpace user would click on a link to download a codec are good, Thompson said.

      “The fact that this site is media-rich, with lots of sound and videos, means that the fake codec trick will be much more effective,” he said in his first posting. “The clicker is probably expecting to see a or hear a song and is quite likely to think he genuinely needs to install something extra.”

      MySpace has been the target of a rising number of attacks, Thompson said, including a number of links added purportedly as comments from friends at the end of October. Those bogus comments linked via MySpaces open-redirector (MSPlnks) to exploit sites in China, he said.

      The intricacies of the URLs led to it being impossible for humans to detect the bad links. “All myspace friend-comments seem to automatically redirect thru MSPlinks, probably as a way to try to filter out spam and phishing, but a downside is that the URL is base64-encoded, and is thus impossible for a human being to eyeball, and therefore possibly reject … the effect of the well-intentioned msplinks is thus to make an open-redirector,” Thompson said.

      In June, MySpace was also hit by a worm that was turning users sites into bots to serve phishing scams and viruses, using “fast flux” to hide its phishing and malware delivery sites behind ever-shifting networks of proxy servers that are next to impossible to track down.

      The current attack is worrisome in that it doesnt amount to a simple case of crooks getting their hands on musicians user names and passwords. Other bands that have been hit by the same attacker or attackers include the French funk band Greements of Fortune and the Glasgow rock band Dykeenies.

      Whats not clear, Thompson said, is how the attackers are compromising MySpace, nor how widespread the attack is, given that neither Google nor MySpace was indexing the malevolent piece of HTML as of Nov. 8. A quick Google search Nov. 9 similarly led only to victims testimony or news reports.

      MySpace provided a statement that gave no clue as to how widespread the attack has been, how many sites were affected, nor how the attackers penetrated MySpaces defenses twice in a few hours. The company did say, however, that phishing is illegal and that MySpace doesnt like it.

      “Individuals who try to phish our members are violating the law and are not welcome on MySpace. We have blocked and removed the source of this phishing attempt and restored the profile,” the statement reads.

      Editors Note: This story was updated to include MySpaces statement.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×