[ insider_reports_insider ]
Alicia Keys Victimized By MySpace Hack
David Utter
Staff Writer
2007-11-09
 Insider Reports RSS Feed
The injection of a large image background on a page full of rich media content from the Grammy winning musician included a link to a malware server in China.
 | | Alicia Keys Victimized By MySpace Hack |  |
Through the placement of the added background image on Keys' MySpace page, anyone who clicked on part of the page that did not have a control or link would be clicking on the exploit link instead.
Roger Thompson of Exploit Prevention Labs has placed a video online that demonstrates the danger of the hack on Keys' page.
He noted the usual approach attackers take uses an iframe to enable an exploit of a machine visiting the infected page. In this example, only a background image href has been added.
Clicking that href on an unprotected machine will cause the browser to try and load a fake media codec, really a Trojan in disguise. Thompson thinks this would lead to a rootkit being installed, and probably DNS-changers that redirect legitimate URLs to different destinations.
It isn't known how widespread this fake codec link is on MySpace or elsewhere, or how the attackers have managed to place the background image href on profiles. Unfortunately it's another reason for security pros in the enterprise to be concerned about MySpace visits from their machines, should an existing security solution miss this exploit.
Update: Chris "Paperghost" Boyd picked up on this several days ahead of the problem hitting Alicia Keys' profile. You can read more at his SpywareGuide post.
View All Articles by David Utter
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
