MySpace Page For Alicia Keys Hacked

The MySpace pages for Grammy-winning R&B singer Alicia Keys and some European musicians were hacked on Thursday by an unknown group who tried to trick unwary visitors into installing a rootkit, according to a security expert.

Roger Thompson, chief technology officer of Exploit Prevention Labs (XPL), said the issue was brought to the company’s attention by customers who use XPL’s LinkScanner software, which examines pages for malicious code and reports them back to XPL. This information is then disseminated to LinkScanner users, thus protecting all of them.

Thompson noted that this attack was different from others. “It’s not unreasonable for a page to get hacked and an IFrame  to be inserted to call out to other places. This was not an IFrame, it was a background image that covered much of the page. If you clicked the wrong part of the page, you went to the exploit site instead.”

The exploit site, based in China, would then attempt to install malware on the visitor’s computer if it was not properly patched. If it was fully patched, the site then said a codec  was needed to view the site’s contents, and it asked the user to download and install the “codec.”

User gullibility is a major part of social engineering, and in this case, Thompson said it would be easy to be fooled. “Given it’s a media rich page, it’s not unreasonable for people to hit that button. Once you clicked that, it loaded the malware,” he said.

The malware included a rootkit and a change to the user’s DNS . By changing the DNS, attempts to reach legitimate sites, like a bank, could be redirected to a fake front made to look like that bank, where the user’s login information could be stolen.

Thompson said the problem surfaced on Thursday night, was fixed, came back, and was fixed again. MySpace had a very brief comment on the incident. “Individuals who try to phish our members are violating the law and are not welcome on MySpace. We have blocked and removed the source of this phishing attempt and restored the profile,” said a MySpace spokesperson in an e-mailed statement.

Thompson said he had not seen a hack like this before and was taking a cautious wait-and-see approach to whether it returns, either on Keyes page or anywhere else.