The MySpace pages for Grammy-winning R&B singer Alicia Keys and some European musicians were hacked on Thursday by an unknown group who tried to trick unwary visitors into installing a rootkit, according to a security expert.
Roger Thompson, chief technology officer of Exploit Prevention Labs (XPL), said the issue was brought to the company’s attention by customers who use XPL’s LinkScanner software, which examines pages for malicious code and reports them back to XPL. This information is then disseminated to LinkScanner users, thus protecting all of them.
Thompson noted that this attack was different from others. “It’s not unreasonable for a page to get hacked and an IFrame
The exploit site, based in China, would then attempt to install malware on the visitor’s computer if it was not properly patched. If it was fully patched, the site then said a codec
User gullibility is a major part of social engineering, and in this case, Thompson said it would be easy to be fooled. “Given it’s a media rich page, it’s not unreasonable for people to hit that button. Once you clicked that, it loaded the malware,” he said.
The malware included a rootkit and a change to the user’s DNS
Thompson said the problem surfaced on Thursday night, was fixed, came back, and was fixed again. MySpace had a very brief comment on the incident. “Individuals who try to phish our members are violating the law and are not welcome on MySpace. We have blocked and removed the source of this phishing attempt and restored the profile,” said a MySpace spokesperson in an e-mailed statement.
Thompson said he had not seen a hack like this before and was taking a cautious wait-and-see approach to whether it returns, either on Keyes page or anywhere else.