Alicia Keys' MySpace page hacked, serves up attacks

Sites spewing socially engineered attacks and behind-the-scenes drive-by exploits

Multiple MySpace pages, including the official page of popular R&B singer Alicia Keys, have been hacked and are spewing both socially engineered attacks and behind-the-scenes drive-by exploits, a security researcher said.

Although it's unclear how the MySpace pages were originally compromised, they're now dangerous places to visit, said Roger Thompson, chief technology officer at Exploit Prevention Labs Inc. Among the attacks being served by Keys' page are Trojans that pose as new video codecs; when installed, they actually change the computer's Domain Name System settings to redirect future searches to unauthorized sites -- sometimes porn pages, other times URLs selling bogus security software.

Users wary enough to avoid those attacks may still be nailed, said Thompson, who described how unpatched PCs vulnerable to existing exploits are also infected. "They're using an exploit to install software in the background," he said in a video demonstration of the attack posted on his blog. "So they get you one way or the other."

Talking via instant messaging, Thompson spelled out the attackers' unique tactics. Rather than embed the script that redirects the user to the exploit site in an almost-invisible single-pixel IFRAME, this attack uses a huge 8,000-by-1,000-pixel background "href" tag. "Click anywhere but right on top of a control or link on [Keys'] page, and you end up at the exploit site," said Thompson.

Because Keys' page, like many on MySpace, sports lots of audio and video content, a dialog box requesting that the user install a new ActiveX control or a codec wouldn't be suspicious, Thompson added. "You're already expecting a video, aren't you?"

The codec angle, said Thompson, may point to the hackers who recently expanded their attacks from Windows-only to include Trojans targeting Mac owners. The attackers controlling Keys' page include code that "looks to see what the user agent is, and if it's Safari, they serve up a Mac Trojan," said Thompson.

It was only a week ago that several security vendors, Mac-specific Intego first among them, reported the appearance of a codec Trojan written for Mac OS X.

The exploit site, which carried a Chinese domain, was offline as of 8:00 p.m. EST. Keys' MySpace page had been cleansed of the attack script about an hour prior. According to Thompson, the Keys' page may have been infected as long as five days ago, when users of Exploit Prevention Labs' LinkScanner Pro exploit blocker began reporting that the software was warning of dangerous content on the MySpace site.

Messages left with MySpace seeking comment were not returned.

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?