Hackers seize Alicia Keys's MySpace page, launching malware attacks

Summary:Malicious hackers have seized control of several high-profile MySpace pages and using rigged image backgrounds to launch drive-by malware attacks.

Hackers seize Alicia KeysÂ’s MySpace page, launching malware attacks
Malicious hackers have seized control of several high-profile MySpace pages and using rigged image backgrounds to launch drive-by malware attacks.

According to anti-malware guru Roger Thompson, the official MySpace page for singer Alicia Keys was among those booby-trapped to attack visitors who clicked almost anywhere on the site.

Thompson, chief technology officer at Atlanta, Ga.-based Exploit Prevention Labs, discovered that when a visitor loads the infected MySpace pages, they're first hit by an exploit that installs malware in the background if the user is running an unpatched Windows machine.

Next, the attackers use a fake codec to lure victims into manually launching an exploit. This will infect a fully patched machine because the social engineering lure ensures that victim willingly installs the malicious software.

[ SEE: Mac Attack: Porn video lures dropping DNS-changer Trojan ]

"The bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink. We tested it and even the ads were affected," Thompson said.

"The fact that this site is media-rich, with lots of sound and videos means that the fake codec trick will be much more effective. The [surfer] is probably expecting to see a video, or hear a song, and is quite likely to think he genuinely needs to install something extra, Thompson added.

ALSO SEE: A video of the attack. Techmeme discussion.

* Image via the official (and clean) Alicia Keys Web site.

Topics: Security, Malware, Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.