MySpace problems began days before Alicia Keys hack

The problems that plagued Alicia Keys' MySpace profile have been around for more than a week, affecting other musical acts.

The widely reported problems with pop singer Alicia Keys' MySpace profile have been cropping up on the social networking site for the past ten days and are likely to continue, a security expert said Friday.

Chris Boyd, a researcher at FaceTime Communications, blogged about the problem on October 31 and has tracked a number of musicians' MySpace profiles that have been compromised since then.

As with the Alicia Keys hack, which was discovered Thursday by Exploit Prevention Labs, these pages try to install malicious software on the victim's PC. If the victim's software is not fully patched, this can happen silently, but if that fails, the sites will tell the victim that he needs to install a video codec. That file is actually malware, researchers say.

In all cases, hackers used the same background, the same Web code and the same malicious payload. "It's the exact same hijack," Boyd said via instant message.

But one difference has been the amount of pain experienced by the bands after they were hacked. While the Alicia Keys site was repaired and up and running on Thursday -- the same day that the problem was publicly reported -- smaller bands that have fallen victim to the hackers have had to restart their MySpace profiles from scratch.

Vaughn Atkinson, guitarist with the band JetKing, said he spent a few days trying to get MySpace administrators to restore his band's page from backup, without success. "It's messed with a lot of our networking with promoters and venues," he said in an interview. "It's important to a band's credibility ... if you have all that data wiped out, you are kind of back to square one in the eyes of people."

Nobody knows exactly how the MySpace pages were compromised. MySpace representatives suggested that victims may have accidentally handed over credentials after falling victim to phishing e-mails.

Exploit Prevention Labs Chief Technology Officer Roger Thompson believes phishing may be the cause of the compromise, but Boyd said that there may be an underlying bug in the MySpace site design. "They may be able to remove the code, but there's no indication from MySpace that the flaw allowing the hackers to hijack the pages has been fixed," Boyd said.

MySpace offers users an incredibly rich level of customization on their profile sites, but those capabilities can sometimes be misused by attackers, security experts say. That's what happened in 2005 when Samy Kamkar discovered how to sneak JavaScript code onto his MySpace profile, creating the social network's first-ever worm.

The fact that Keys' site was up and running so quickly is going to "create a lot of bad feelings" from bands such as JetKing that have been unable to restore their profiles, Boyd said.

Vaughn said he and other musicians were unhappy that MySpace had been unable to restore their profiles. "Everyone's resigned themselves to the fact that MySpace has done absolutely nothing," he said. "I'm sure if we were a big band like Coldplay or Michael Jackson, they'd have done it in five minutes."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?