By Stevie Smith Nov 9, 2007, 13:33 GMT
The rocketing popularity of online social networking Web sites would appear to be attracting the attentions of the more nefarious elements of the hacking community this week, following news that MySpace has become the latest target for malware delivery.
Hackers attack the MySpace page of Alicia Keys, adding links that install malicious code on user systems. Credit: JRecords.
More pointedly, researchers at Exploit Prevention Labs (EPL) in Atlanta, Georgia, have uncovered numerous malicious hacks on music-related MySpace pages, including the page of award-winning R&B recording star Alicia Keys, a French funk band called Greements of Fortune, and rock group Dykeenies from Scotland.
According to a New York Times article, EPL has warned that visitors clicking on any of the hacked MySpace pages will be swiftly redirected to a harmful Chinese malware Web site, which presents the user with a pop-up message telling them they need to download a vital codec before viewing any related video media.
Should the user click ‘Yes’ the malicious site then installs what the researchers believe to be a rootkit and DNS changer, which will allow the waiting hackers to remotely gain control of the host computer’s Web browser and also control exactly what is subsequently downloaded into the user’s system.
What’s more, EPL suggests the nature of the media-rich environments generally associated with MySpace pages connected to legitimate recording artists will likely mean that a great deal of users are going to unwittingly fall prey to this particular attack when prompted to install what paints itself as an innocuous video codec.
"If you click anywhere outside a given control, [the malicious URL] will be the default control that it goes to," outlined Roger Thompson, chief technology officer at Exploit Prevention Labs. "It’s a really interesting technique and it’s going to catch a lot of people."
Thompson has written in more detail about the MySpace attack via his blog, and he has also handily posted a video demonstration of the attack in action, which you can view by clicking HERE.
"Security and functionality exist in an inverse relationship," explained Thompson regarding the potential vulnerabilities thrown up by practical and open platforms integrated into mass online consumption. "The more functional you make anything, the less secure it tends to become."
Currently, News Corporation-owned MySpace has not issued any official comment as to how hackers were able to place their nefarious code on such notable celebrity and media pages within its network.
Your Talkback on this Story