Several bloggers are reporting today a MySpace hacking scheme in which malware writers embed Flash-based malicious code in profiles and redirect victims to an online tirade concerning the Sept. 11, 2001 terrorist attacks.
When logged-in users of the popular social networking site visit one of these "hacked" profiles, they are redirected to a blog containing conspiracy theories that the U.S. government orchestrated the attacks, according to security blog ChaseAndSam.com. In addition, those individuals visiting profiles that contain the malicious code will have their own profiles corrupted.
The problem can be solved by removing the code from a user's "About Me" section in their profile, according to ChaseAndSam.com.
For some time, security experts have predicted Fox Interactive Media's MySpace, with more than 70 million members, will continue to grow as an attack vector. MySpace is the world's No.1 most visited website, accounting 4.46 percent of all U.S. web visits earlier this month, according to internet tracking firm Hitwise.
Recognizing the need for more controls, MySpace recently hired its first CSO.
As its popularity has grown, MySpace has been the target of instant messenger attacks, as well as other malware.
