MySpace Hacks on the Rise - Musicians Hit
Roger Thompson at Exploit Prevention Labs has discovered multiple hacked MySpace pages, including MySpace's #4 most popular major music artist Alicia Keys. Other bands hit include Greements of Fortune (a French funk band) and Dykeenies (a rock band from Glasgow).
Roger noted that "attacks on MySpace seem to be on the rise." He says that the current hack, affecting Alicia Keys' MySpace page and others, is an image-background link which, when clicked, entices users to install a fake codec - which then infects the user's computer. He calls it a "FakeCodec trick" and here's how it works: if a user clicks on a MySpace page and slightly misses a control or link on that page, they have clicked the image-bg link and are then taken instead to the exploit site. Roger explains more in this video:
To summarize, when a user visits the infected page, they're first hit by an exploit (which installs malware in the background if they're not fully patched against the latest security vulnerabilities), and next they're presented with a Fake Codec which tells them they need to install a codec to view a video. So even if they're patched, they can fall victim to the exploit.
Roger said via an email that "it's MySpace that has been hacked, as opposed to the bad guys getting the usernames and passwords of a few bands".
The fact that MySpace is media-rich, with lots of sound and videos, means that the FakeCodec trick will be much more effective -- said Roger on his blog. The user, when clicking on the page, will expect to see a video or hear a song - but the hack will make them think they need to install something extra.
Let us know in the comments if you've heard of other MySpace hacks recently - or Facebook hacks for that matter.
Share
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
Interestingly, their tactic does not work for those using Windows Vista with the latest security patches.
So as Vista becomes adopted widely - this sort of thing may not be as effective as it is in the XP dominated era
Surprising that myspace - which allows practically nothing to except plain html - to have such a problem. However, given the volume of information they have to handle, the "relative" lack of security issues is impressive.
Any type of illegal hacking is especially bad, there shouldn't be any reason for someone to resort to such measures of deception and thievery, in order to get what is not "rightfully" their's, but what's worse, is an internet corporation, that willingly allows any of its memebrs to post nazi racist symbols or lewd and sick porno pictures on their site, without properly screening such new material ahead of time and rejecting it before it is visable to other members, especially when such postings are easily visible to young children surfing the internet and in unrestricted to viewers sites.
How would you feel if you were a Holocaust survivor that had escaped NAZI persecution during World War II and are now involved in working for a major corporation/US Government, and see such things posted on the site you had been interested in placing your company ads with? Would you still place such ads on an internet service that allowed this kind of rude and disrespectful behavior on their sites?
I don't speak with a forked tongue, I have the proof that backs me up with this statement. Now, I am considering exactly how I should use it against such a company that allows such hurtful things to be posted on their site.
If you were an investor looking for an internet service provider to invest in and you found out such things about an internet company, ahead of time, would you still be interested in investing your money in such a company, knowing, ahead of time, the types of postings they allowed on their site?
If you were a major company in your particular field and were considering placing expensive ads on such a site for your products or services being offered to the public, and you knew, ahead of time that the site you intended to post your ads on allowed such rude and disrespectful behavior on it, would you still go ahead and post your company ads?
I wouldn't because I have pride, respect and integrity in what I do, and would not want my product or services to be associated in any way, shape or form with a internet company that allowed things like this to be posted on their sites, without checking it out before allowing it to be posted.
Does this make sense?
Do you agree?
This particular Internet company is being investigated by the House Foreign Affairs Committee, Chairman Tom Lantos,
regarding the revealing of personal information on their users to the Chinese Secret Police that resulted in several innocent reporters being arrested, tortured and sentenced to prison terms in Chinese Prisons.
This Internet company is also being sued for unspecified damages resulting from this China incident, which the committee members have strongly advised the company executives to settle with and to be very, very generous with the settlement.
Two recent corporations just signed up with this Internet Company to place ads with them, they are:
Forbes.com
WebMD Health Corp.
Makes me now wonder about these two companies abilities, in making business decisions that may very well affect all of their own members!
Thank you
David Williams
This Internet company recently settled out of cort for the amount of $4 million dollars with an inventor who had brought them a new idea that would help to expand their viewers audiences, and the company turned the inventor down and told him they were not interested in his idea, only to turn right around and use the idea for themselves, without compensating the inventor. The Inventor filed a lawsuit against this Internet company and rather then allow this case to go to court, the executives of this Internet company quickly agreed to a settlement with the Inventor, admitting no wrong, of course. If they were not guilty of doing this, then why agree to pay a sum of $4 million dollars to settle it out of court, why not go to court and defend yourself against it?
Action speaks louder then words!
And, last but not least, this same Internet Company is again being sued for posting false female ads on their Personals Site, that would attract male members that would pay money to join this Personals Site! Have they no shame? Is deception part of their company policies?
Can you really trust a company like this to be honest and fair with you?
I think not!
Thank you,
David Williams
Freedom of Speech is a wonderful right to have in a free society such as the United States of America, and when you bring truthful facts to the public's immediate attention and these facts are 100% TRUE, why did this Internet Service Company do whatever they could to surpress your rights to Freedom of Speech?
Are they doing the same exact thing that the Chinese governemnt is doing to their own people, but over here in the good ole USA and to American Citizens, when they themselves are an American based corporation!
Where do you draw the line with American based companies that do things like this?
How do such people live among us and still enjoy the Freedoms of this country when in reality they practice something altogether different with their viewers in China and the USA?
Would you consider these people to be American's?
And why would the employees of this Internet company do whatever they could to hide the true facts pertaining to this very Public information on their Internet Q&A Site?
Why do they surpress the truth from being known to all their viewers, the similar methods used by the Chinese government to surpress the jailed reporters truths in China?
How are they any different from the Chinese secret police?
Thank you,
David Williams
If you'd like to contact this Internet Comapny about anything, the mailing address is listed below:
Yahoo! Inc.
701 1st Avenue
Sunnyvale, CA 94089
Tel: # 408-349-3300
Fax # 408-349-3301
http:///www.yahoo.com
The Yahoo! Inc., Chairman Jerry Yang told the members of the House Foreign Affairs Committee that on his Internet Service, everyone is entitled to Free Expression and Privacy!And, they do not committ human rights abuses!
I guess its easier to say these words then to actually do them, isn't it?
More information about the files that are installed through the security hole:
http://freefixer.com/blog/myspace-exploit/