News Factor Network 9/11/2007
Website: http://www.newsfactor.com
Attackers are piggybacking on the fame of R&B recording artist Alicia Keys to spread their malware over the Web. Keys' MySpace page has been infected with malicious software.
Exploit Prevention Labs discovered the attack, one of several targeted MySpace pages. French funk band Greements of Fortune and Glasgow rock band Dykeenies were also targets of the Web-based attack."When a visitor visits the infected page, they're first hit by an exploit which installs malware in the background if they're not fully patched against the latest security vulnerabilities, and next they're presented with a fake codec which tells them they need to install a codec to view the video," said Roger Thompson, CTO at Exploit Prevention Labs. "So even if they're patched, they can fall victim to the exploit."
One Hack After Another
Specifically, visitors to these MySpace pages are directed to co8vd.cn/s. This appears to be a Chinese malware site. If the visitors accept the code installation, the site installs malicious software. You can view a video demonstration of the attack on YouTube.
The hack has some interesting characteristics, Thompson explained. "Perhaps most interesting, the bad guys are using a creative hack we haven't seen before: The HTML in the page contains some sort of image map, which basically makes it so you can click on anything over a wide area on the page and your click is directed to the malicious hyperlink," he said. "We tested it and even the ads were affected."
MySpace officials could not immediately be reached for comment, but Thompson reported that the popular social-networking site fixed the pages in question within hours of the discovery. However, yet another hack was discovered just a few hours later, and a new image code has appeared that Thompson warned could be coming online soon.
Reviewing the History
MySpace is no stranger to malware writers. In March, McAfee reported the site is increasingly becoming an unhealthy breeding ground for the "scum of the Internet" by luring surfers to sexually explicit Web sites or trying to capture personal information from members that could lead to identity theft.
The rock band attack theme remains popular. In March, it was the French rock band MAMASAID that was used as a vehicle to download Trojans to unsuspecting members' computers. The Trojan JS/SpaceStalk worked through a feature in QuickTime that opens links automatically when a movie is run.
For its part in the security equation, Apple released an update to QuickTime earlier this week that fixed several security bugs. The 7.3 update plugs seven holes in the software, six of which could allow an attacker to run unauthorized software on a victim's PC.
Moving Forward
The Keys page hack on MySpace doesn't rely on QuickTime, but Thompson said the fact that the social-networking site is media-rich, with lots of sound and videos, makes the fake codec trick effective. The victim is likely to think he or she legitimately needs to download software to view the rich media.
"What's not clear at this point is how they're doing it, and how widespread it is. Neither Google nor MySpace seems to be indexing the critical bit of html," Thompson concluded. "If you search for the exploit site, the only results seem to be victims, or people talking about victims."
1 comment:
I have to say that for the past couple of hours i have been hooked by the amazing articles on this blog .
http://www.pc-safe.net/
Post a Comment