Malware on MySpace Pages, Again!

An unknown group of hackers accessed the MySpace pages created for Grammy award winning singer Alicia Keys and some musicians of Europe. The attackers, who duped unwary visitors to make them install a rootkit program, carried out the hack on November 8, 2007, a security expert said.

XPL (Exploit Prevention Labs) discovered the Web-based attack to involve one of the many targeted pages on MySpace. Other targets were Glasgow rock music band Dykeenies and French band Greements of Fortune.

The case of malware injection to the MySpace site pages of Alicia Keys and the other musicians isn't the only one that compelled users of MySpace to face malicious software. Earlier in March this year, McAfee had reported about the increasing number of online fraudsters gaining ground on MySpace to launch attacks on members and capture their private information.

XPL's Chief Technology Officer, Roger Thompson, said that customers of the company's LinkScanner software had brought the issue to the notice of the company. The software is used to test if web pages contain malicious code, which the software then reports to XPL. Internet News reported this on November 9, 2007. The reported information is then passed to all LinkScanner users, thus ensuring protection to all, Thompson added.

However, Thompson pointed out this particular MySpace attack was not the same as others. According to him, it is not unusual when a page is hacked to insert an iframe. But this attack did not use an iframe but an image in the background that spread across the page. It was only when anyone clicked the wrong side of the page that the victim would be directed to the malicious site.

Thompson notes that since MySpace site pages are increasingly becoming grounds for multimedia and clutter files, it wouldn't be surprising if potential victims of the attack have to download a codec and consequently fall prey to the ploy. According to him, the number of infected pages was not known. Channel Register reported this on November 9, 2007.

Some earlier security problems on MySpace were a bug that created XSS worm and pages used for spreading spyware.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 11/26/2007