Original URL: http://www.channelregister.co.uk/2007/11/09/myspace_trojan_hack/
This story was updated on Saturday, 10th November 2007 00:21 GMT to report additional details.
Multiple MySpace pages have been hacked in a bid to spread malware.
Targeted pages, including the site of R&B star Alicia Keys, have been loaded with links to Trojan horse malware that poses as a fake codec. As well as attempting to load the malware through a browser exploit the booby-trapped sites also attempt to trick users into downloading the fake codec.
Instead of using an iFrame injection method the poisoned profile uses an image map, so users clicking on anything over an area of a contaminated profile close to a pukka link will be taken to a maliciously-constructed website, hosted in China. The attack was discovered by Roger Thompson of Exploit Prevention Labs, who's posted an explanation of the attack along with a video here (http://explabs.blogspot.com/2007/11/alicia-keys-myspace-page-is-hacked.html).
The discovery comes more than a week after researcher Chris Boyd published this post (http://blog.spywareguide.com/2007/10/bandjammer_hacking_a_myspace_m.html) found similar shenanigans on myspace pages. The pages, Boyd found, had transparent overlays that linked to websites that tried to install malware, either by tricking a user into installing faux media codecs or by attempting to exploit vulnerable browsers. Thompson issued an apology (http://explabs.blogspot.com/2007/11/whoops-sorry-chris.html) to Boyd. "I didn't steal any of your work, and didn't mean to steal your thunder," he wrote.
As Thompson notes the beauty of the attack is that MySpace pages are such a pig's breakfast of clutter and multimedia files that would-be victims won't be surprised about having to load a codec and therefore all the more likely to fall for the ploy. It's unclear how many pages have been infected.
MySpace has increasingly become the subject of security concerns. In October 2005, a bug in MySpace's site design was misused to create a self-propagating cross-site scripting worm. More recently MySpace pages have been used to spread spyware, a trend continued in a more sophisticated form with the latest fake codecs attack. ®
MySpace fraudster indicted in teen's suicide (15 May 2008)
http://www.channelregister.co.uk/2008/05/15/myspace_cyber_bully_charged/
Compromised legit sites power hack attacks (8 April 2008)
http://www.channelregister.co.uk/2008/04/08/symantec_threat_report/
Trend Micro gets slashed in attack of the killer iframes (13 March 2008)
http://www.channelregister.co.uk/2008/03/13/trend_micro_website_infected/
Image uploader bug blights MySpace (1 February 2008)
http://www.channelregister.co.uk/2008/02/01/myspace_image_uploader_bug/
MySpace reveals child predator blocks (14 January 2008)
http://www.channelregister.co.uk/2008/01/14/myspace_offender_safeguards/
Ichitaro vuln used to launch Trojan (18 December 2007)
http://www.channelregister.co.uk/2007/12/18/ichitaro_trojan/
Media player users beware: more vulns ahead (10 December 2007)
http://www.channelregister.co.uk/2007/12/10/3ivx_mp4_vuln/
MySpace celebrity hacker downs hacking forum (7 December 2007)
http://www.channelregister.co.uk/2007/12/07/myspace_celebrity_hack/
Grisoft acquires LinkScanner (5 December 2007)
http://www.channelregister.co.uk/2007/12/05/grisoft_buys_epl/
Pedophile gets 110 years in MySpace extortion scheme (3 December 2007)
http://www.channelregister.co.uk/2007/12/03/hacker_gets_110_years/
Fake smut codec ruse used to punt Google Pack (12 November 2007)
http://www.channelregister.co.uk/2007/11/12/google_pack_fake_codec_ruse/
Beautiful faces, Trojans and Fasthosts (19 October 2007)
http://www.theregister.co.uk/2007/10/19/weekly_19oct/
NY probes Facebook over pedophile controls (25 September 2007)
http://www.theregister.co.uk/2007/09/25/facebook_subpoena/
MySpace erases 29,000 sex offenders (25 July 2007)
http://www.channelregister.co.uk/2007/07/25/myspace_erases_offenders/
Facebook found pimping crudware (11 July 2007)
http://www.channelregister.co.uk/2007/07/11/facebook_serves_crudware_ads/
Senior execs targeted in 'precision' malware attacks (2 July 2007)
http://www.channelregister.co.uk/2007/07/02/personal_malware/
Worms 2.0! (27 June 2007)
http://www.channelregister.co.uk/2007/06/27/wade_alcorn_metasploit_interview/
Google goes spear phishing on MySpace (12 June 2007)
http://www.channelregister.co.uk/2007/06/12/myspace_phishing_/
Grifters find rich pickings on social networking sites (17 May 2007)
http://www.channelregister.co.uk/2007/05/17/social_networking_hack_risk/
Social networkers risk losing their identities (4 October 2006)
http://www.channelregister.co.uk/2006/10/04/social_networking_security_survey/
© Copyright 2008