The MySpace pages of several musicians, including the personal page of R&B songstress Alicia Keys, were targeted this week by hackers as part of a scheme to spread socially engineered attacks and render the computers of visitors to these pages vulnerable to future invasions, according to The New York Times.
While it was unclear at press time how the pages were compromised, experts warn that they're now very dangerous places to visit online. Among the attacks being served by Keys' page (and those of French funk band Greements of Fortune and Scottish rock band the Dykeenies) are Trojan horses disguised as new video codecs.
When someone tries to access one of the hacked sites, an exploit first attempts to install malware (malicious software) on the visitor's computer. If that doesn't work, the user is next asked to install a fake codec to view a video posted on the page, according to the Times. When installed, these malicious programs actually change the computer's Domain Name System settings to redirect future searches to unauthorized sites — including porn Web sites and URLs selling bogus security software — thus allowing hackers to take over what users see on their browsers and what they download onto their computers.
Clicking almost anywhere on these infected MySpace pages directs the visitors to co8vd.cn/s, which the Times claims is a Chinese malware site. The affected pages were flagged by users of Exploit Prevention Labs' LinkScanner software, which blocks pages containing malicious code. According to Roger Thompson, chief technology officer of LinkScanner.com, users who've taken precautions to avoid such attacks may still be vulnerable, as unpatched PCs vulnerable to existing exploits can also be infected.
"They're using an exploit to install software in the background," Thompson said on his blog. "So they get you one way or the other. They are going to catch a lot of people with this one. This is a very rich media page, as are most MySpace pages. There is every expectation you are going to see a video. ... It's not at all unreasonable to think you might have to install something."
While Keys' MySpace page has been wiped clean of the attack script, Thompson claims it may have been infected as long as five days ago. Still, Thompson told PC World that he'll be keeping an eye on it over the next few days, as it's possible the page could be infected again. Thompson told the magazine that he believes this was a hack of MySpace itself, and not a situation where attackers simply uncovered the user names and passwords for those pages.
A MySpace spokesperson told PC World that the company is taking measures to prevent future attacks.
"Individuals who try to phish our members are violating the law and are not welcome on MySpace," the spokesperson said. "We have blocked and removed the source of this phishing attempt and restored the profile."
According to Thompson, these recent attacks are par for the course for a site like MySpace and any other practical, open platform for the masses that exists on the ether, the Times reports. "Security and functionality exist in an inverse relationship," he explained. "The more functional you make anything, the less secure it tends to become."