As Alicia Keys Holds Off The Media, Hackers Get Closer
Multiple MySpace pages, including the official page of popular R&B singer Alicia Keys, have been hacked and are sending out both socially engineered attacks and behind-the-scenes exploits, a security researcher said late Thursday. Although it's unclear how the MySpace pages were originally attacked, they're now dangerous places to visit, said Roger Thompson, chief technology officer at Exploit Prevention Labs Inc. Among the attacks being served by Keys' page are Trojans that pose as new video codecs; when installed, they actually change the computer's Domain Name System settings to redirect future searches to unauthorized sites -- sometimes porn pages, other times URLs selling bogus security software. In an interview via instant messaging, Thompson spelled out the attackers' unique tactics. Rather than embed the script that redirects the user to the exploit site in an almost-invisible single-pixel IFRAME, this attack uses a huge 8,000-by-1,000-pixel background "href" tag. "Click anywhere but right on top of a control or link on [Keys'] page, and you end up at the exploit site," said Thompson. Because Keys' page, like many on MySpace, sports lots of audio and video content, a dialog box requesting that the user install a new ActiveX control or a codec wouldn't be suspicious, Thompson added. "You're already expecting a video, aren't you?" The codec angle, said Thompson, may point to the hackers who recently expanded their attacks from Windows-only to include Trojans targeting Mac owners. The attackers controlling Keys' page include code that "looks to see what the user agent is, and if it's Safari, they serve up a Mac Trojan," said Thompson. The exploit site, which carried a Chinese domain, was offline as of 8:00 p.m. EST. Keys' MySpace page had been cleansed of the attack script about an hour prior. According to Thompson, the Keys' page may have been infected as long as five days ago, when users of Exploit Prevention Labs' LinkScanner Pro exploit blocker began reporting that the software was warning of dangerous content on the MySpace site. Messages left with MySpace seeking comment were not returned.