OMEN
11-01-2007, 10:28 AM
Several band profiles on MySpace have been hacked to serve up some nasty tricks, according to security vendor FaceTime Communications.
Several band profiles on MySpace have been hacked to serve up some nasty tricks, according to security vendor FaceTime Communications.
The bands' MySpace pages have a transparent overlay that, when clicked, either links to a Web site that tries to start downloading malware disguised as a media codec or attempts to exploit a browser security flaw, said Chris Boyd, security research manager with FaceTime.
When a cursor passes over part of the overlay, the IP (Internet Protocol) address for a Web server in China is shown in some browsers. However, the fake media codec site is hosted in Russia, Boyd said. He posted screenshots of the problem on his blog Wednesday.
At some point, the log-in details for the bands' pages must have been obtained, likely through a phishing attack, Boyd said.
"So far, I think we've seen around seven or eight music bands hacked -- not a huge number as it seems to be pretty fresh," Boyd said.
But if the hackers have the bands' log-in details, they can send bulletins to users who have joined the site as friends. Those bulletins are used to attract more people into visiting the infected pages and potentially downloading the malware. That could ramp up infection levels, Boyd said.
"It's a great hook for a malware writer to tap into," Boyd said.
MySpace officials could not immediately be reached for comment. Boyd said the company has been notified by FaceTime via e-mail.
IDG
Several band profiles on MySpace have been hacked to serve up some nasty tricks, according to security vendor FaceTime Communications.
The bands' MySpace pages have a transparent overlay that, when clicked, either links to a Web site that tries to start downloading malware disguised as a media codec or attempts to exploit a browser security flaw, said Chris Boyd, security research manager with FaceTime.
When a cursor passes over part of the overlay, the IP (Internet Protocol) address for a Web server in China is shown in some browsers. However, the fake media codec site is hosted in Russia, Boyd said. He posted screenshots of the problem on his blog Wednesday.
At some point, the log-in details for the bands' pages must have been obtained, likely through a phishing attack, Boyd said.
"So far, I think we've seen around seven or eight music bands hacked -- not a huge number as it seems to be pretty fresh," Boyd said.
But if the hackers have the bands' log-in details, they can send bulletins to users who have joined the site as friends. Those bulletins are used to attract more people into visiting the infected pages and potentially downloading the malware. That could ramp up infection levels, Boyd said.
"It's a great hook for a malware writer to tap into," Boyd said.
MySpace officials could not immediately be reached for comment. Boyd said the company has been notified by FaceTime via e-mail.
IDG