Researchers at the Atlanta, GA-based Exploit Prevention Labs have discovered multiple hacked MySpace pages, including the personal page of the R&B artist. Also hacked were pages for Greements of Fortune, a French funk band, and Dykeenies, a rock band from Glasgow.
When visitors click almost anywhere on these infected site, they are directed to co8vd.cn/s, which appears to be a Chinese malware site. The visitors then see a box on their screen telling them they need to install a special codec to view the video – a legitimate possibility on any site rich in media. But if the visitor clicks ‘yes’, the site installs software that appears to be a rootkit and DNS changer. This would allow the hackers to take over what you see on your browser and what you download onto your computer.
“They are going to catch a lot of people with this one,” said Roger Thompson, chief technology officer of Exploit Prevent Labs. “This is a a very rich media page, as are most MySpace pages. There is every expectation you are going to see a video… It’s not at all unreasonable to think you might have to install something.”
Click here for Mr. Thompson’s video demonstration of the attack.
Mr. Thompson said MySpace is suffering from the major drawback to any practical, open platform for the masses. “Security and functionality exist in an inverse relationship,” he said. “The more functional you make anything, the less secure it tends to become.”
There is no explanation yet for how hackers injected their code into these MySpace pages. A MySpace spokeswoman said she would look into the matter.
UPDATE: MySpace believes members whose pages were infected with malware opened phishing emails and inadvertently installed the attack on their pages. In a statemennt, the company says: “Individuals who try to phish our members are violating the law and are not welcome on MySpace. We have blocked and removed the source of this phishing attempt and restored the profile.”
Tags:Hackers,MySpace ,Infect ,Alicia ,computer