Hackers seize Alicia Keys's MySpace page, launching malware attacks

Hackers seize Alicia Keys's MySpace page, launching malware attacks

Summary: Malicious hackers have seized control of several high-profile MySpace pages and using rigged image backgrounds to launch drive-by malware attacks.

SHARE:

Hackers seize Alicia KeysÂ’s MySpace page, launching malware attacksMalicious hackers have seized control of several high-profile MySpace pages and using rigged image backgrounds to launch drive-by malware attacks.

According to anti-malware guru Roger Thompson, the official MySpace page for singer Alicia Keys was among those booby-trapped to attack visitors who clicked almost anywhere on the site.

Thompson, chief technology officer at Atlanta, Ga.-based Exploit Prevention Labs, discovered that when a visitor loads the infected MySpace pages, they're first hit by an exploit that installs malware in the background if the user is running an unpatched Windows machine.

Next, the attackers use a fake codec to lure victims into manually launching an exploit. This will infect a fully patched machine because the social engineering lure ensures that victim willingly installs the malicious software.

[ SEE: Mac Attack: Porn video lures dropping DNS-changer Trojan ]

"The bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink. We tested it and even the ads were affected," Thompson said.

"The fact that this site is media-rich, with lots of sound and videos means that the fake codec trick will be much more effective. The [surfer] is probably expecting to see a video, or hear a song, and is quite likely to think he genuinely needs to install something extra, Thompson added.

ALSO SEE: A video of the attack. Techmeme discussion.

* Image via the official (and clean) Alicia Keys Web site.

Topics: Security, Malware, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • OK so what to do, if anything? Disable Javascript? What?

    nt
    D T Schmitz
    • Try installing Linux?

      Or get a Mac
      whisperycat
      • No Guarantee

        OpenBSD and use lynx. Just text, no rich content,, but wham those pages display
        quickly.
        DannyO_0x98
  • Not Microsofts fault!

    We at Microsoft have been warning people for years about Alicia Keys! Her website is dangerous, her music is bubblegum, her yams are fantastic! But since you can't personally touch her yams (I have) you should stay away from anything to do with her and your computer will be OK!
    To see a history on this go to Alicia_dangerous.net or fakesteveballmer.blogspot.com
    Mr.Ballmer
  • I've seen VideoActiveX on lots of computers lately

    I wonder if this is where it is coming from
    I suspected myspace
    zmud
  • Additional information about the exploit

    More information about the files that are installed through the security hole:
    http://freefixer.com/blog/myspace-exploit/
    eogerka