MySpace fixes Alicia Keys’ page after cyberattack

Updated Nov. 12, 2007, at 2:27 p.m. EST.

MySpace.com has cleaned up multiple attacks on some of its most popular music pages, including that of Alicia Keys.

Keys' page, ranked as the fourth-most popular music page on the site, was hacked along with those of lesser-known bands on Thursday, according to Roger Thompson, chief technology officer at Exploit Prevention Labs.

After MySpace cleaned up the page, attackers again infected Keys' page a few hours later, according to Thompson.

Thompson credited Chris Boyd of Vitalsecurity.org, also the director of malware research at FaceTime Security Labs, for discovering the attack.

Visitors were first targeted by an exploit that installs malware on unpatched PCs, then presented with a fake codec and told they need to install the codec to view a music video, according to Thompson.

Exploit Prevention Labs, a malware detection vendor, disclosed on Thursday that attackers exploited the page's HTML so that a wide area of the page redirected users to a malicious website, co8vd[dot]com.

Attackers redirected users to a different URL in their second attack on the site.

Thompson told SCMagazineUS.com today that the attack is an example of the cybercriminals' shrewdness.

“It was infected for a few days, and then it got someone's attention yesterday and it was fixed – and within a couple of hours, it was attacked again,” he said. “It just indicates the overall caginess of the bad guys.”

MySpace is no stranger to cyberattackers. The man who is believed to be the creator of the first self-propagating cross-site scripting worm, Samy Kamkar, was sentenced to three years of probation in February for unleashing an October 2005 attack on the social networking site.

The website, a division of News Corp., released a statement today saying it has cleaned up the infected page.

“Individuals who try to phish our members are violating the law and are not welcome on MySpace,” the statement read. “We have blocked and removed the source of this phishing attempt and restored the profile.”
