November 8, 2007

MySpace Page for Alicia Keys “Hacked”

Mark Hendrickson


Roger Thompson of a company called Exploit Prevention Labs has posted a video (above) explaining how Alicia Keys’ MySpace page was hacked, although not in the sense that anybody gained actual control over the page.

Rather, someone managed to get a link onto the page that became activated no matter where the user clicked. Users who tried to play any of the multimedia embeds on the page were redirected to a Chinese website that prompted them to install an ActiveX component. Since this ActiveX component appeared to be from the Alicia Keys page and necessary to play the multimedia, many users were prone to confirming the installation, thereby compromising their computers’ security.

Thompson notes that MySpace pages are particularly prone to such exploits because their complexity can lead to user confusion. Since this video has been published by a company that sells software to prevent such exploits, I’m a bit wary of believing his suggestion that such attacks are on the rise (although they very well could be). In any case, it serves as a good reminder to all of us never to install software, ActiveX or not, from untrusted websites, among which you should count MySpace and other social networks.

This is not the first time we’ve seen MySpace pages messed with in ways that border on hacking. Last March John McCain found his MySpace page inadvertently promoting a position he had not officially taken.


Trackbacks/Pings (Trackback URL)

  1. New lure technique discovered on MySpace | 过门网 blog
  2. » From the floor at RSA: a good-guy rootkit
  3. Barack Obama’s Site Hacked, Redirected to Clinton’s. Nobody’s laughing? | Blaglash.com

Comments


  1. Allen Stern

    fyi, i wrote about the hack as well (click my name) - what’s amazing about it is that it uses simple html and css positioning - no script code required. Pretty scary stuff.

  2. www.carversation.com

    SUX SUX

  3. Ryan Merket

    Yeah and OpenSocial is VERY Open — see my blog for more:
    http://www.ryanmerket.com/blog

  4. Fabian Schonholz

    Open is good … not an excuse for not secure.

  5. Tampa Web Site Design

    Yes I agree

  6. David Mackey

    I hate MySpace, though they have been doing a decent job recently - though just catching up with Facebook. McCain wasn’t a hack at all, he was leeching someone else’s image.

  7. True

    Yes, McCain’s wasn’t a hack. Mike Davidson just changed the image that McCain was leeching. That’s not a hack at all.

  8. Mike Soffis

    So what

  9. Mike Soffis

    by the way - stern. Stop being a TC groupie.

  10. Yang Huang

    This is what happens when you adopt music as a mainstream factor in a social platform. Reason why never happens to Facebook..

  11. Don Wilson

    Oh no, not Alicia Keys!

  12. Pierre Fontenelle

    I sent a message to the Alicia Keys profile back in September about this hoping whoever ran the profile would take care of it, but I doubt they ever read it.

  13. Steve Ballmer

    Not our fault!
    Blame the clever hackers!
    Macs use active-x too!
    I love Alicia!
    A patch is already on the way!

    http://fakesteveballmer.blogspot.com

  14. Larry

    Yawn. Why is this a story?

  15. Pierre Fontenelle

    P.S. This technique has been in use on many MySpace pages for some time. The Alicia Keys page has been compromised. It’s a link designed with an invisible gif background with an excessive height parameter in its styling definition. Because styling has been disabled from profile comments, it can only be procured within the profile itself (which is why I say the Alicia Keys account really was hacked into). I’ve seen it done with many different follow URLs for some time now. It’s been used before to direct users to fake MySpace login URLs. At one point this same technique of styling was used to create MySpace phishing login pages directly in profiles. I do my part and report the pages to MySpace or send a message to the user him/herself.

  16. Scott Schiller

    The technique is simple and effective (abs-positioned link with a large width/height, high z-index and so on) - more interesting/disturbing is how someone managed to get that code into that profile page.

    High-profile sites are popular targets for XSS-type hacks given the traffic and user base they attract. I’ve also heard of shady hosts injecting iframes loading exploit code on some sites - quite sketchy.
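The overlay described in comments 15 and 16 (an absolutely positioned link with an oversized box and a high z-index) can be detected in submitted profile markup before it is published. The following is an added example, not code from the post, its commenters or MySpace; the thresholds, the sample markup and the function names are assumptions, and only inline `style` attributes are inspected, so rules in stylesheets would need a CSS parser.

```python
import re
from html.parser import HTMLParser

# Thresholds are assumptions for this example, not values from the post.
MAX_PX, MAX_Z = 1000, 100

# Constructed sample profile markup; the hostname is a placeholder.
SAMPLE = """
<a href="/music">My songs</a>
<a href="http://redirect.example.invalid/" style="position:absolute; top:0; left:0;
   width:2000px; height:5000px; z-index:9999; background:url(clear.gif)"></a>
<a href="/tour" style="position:absolute; width:120px; height:20px">Tour</a>
"""

def parse_style(style):
    # Turn an inline style string into a {property: value} dict.
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def px(value):
    # Pixel count of a CSS length such as '5000px'; 0 for anything else.
    m = re.fullmatch(r"(\d+)px", value or "")
    return int(m.group(1)) if m else 0

class OverlayLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = dict(attrs)
        style = parse_style(attrs.get("style") or "")
        reasons = []
        if style.get("position") in ("absolute", "fixed"):
            reasons.append("positioned out of flow")
        if max(px(style.get("width")), px(style.get("height"))) > MAX_PX:
            reasons.append("oversized box")
        if re.fullmatch(r"\d+", style.get("z-index", "")) and int(style["z-index"]) > MAX_Z:
            reasons.append("high z-index")
        # One indicator alone is common in legitimate layouts; require two.
        if len(reasons) >= 2:
            self.findings.append((attrs.get("href"), reasons))

def find_overlay_links(html):
    """Return (href, reasons) for every link that looks like a click overlay."""
    finder = OverlayLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Run over `SAMPLE`, only the second link is reported; the small absolutely positioned "Tour" link matches a single indicator and is left alone.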

  17. digital-lifestyle

    It was earlier Google OpenSocial, now it is MySpace, the hackers are getting smarter these days.

  18. steveballme

    I’d love to get my chance to hack at Alicia!

    http://fakesteveballmer.blogspot.com

  19. meetingflex.com

    so what :-)

  20. Roy

    Think that’s bad? I know forums where malicious hijackers can, with next to no work, shamelessly plug their own worthless blogs without contributing to the content of the thread! No ActiveX even required!

  21. Brian Wilson

    Maybe the hacker had just recently fallin in and out of love with Alicia Keys.

    …get it?

    Brian Wilson, Zolve.com

  22. Scott Bartell

    Looks like myspace fixed it. Cool.

  23. Fred Mitchell

    This is not just an Alicia Keys problem. Just happens to be the only one getting a lot of press right now. Chris Boyd, better known as Paperghost, brought this to light Oct 31. I know of another artist, Shannon Haley, that has had her page hacked 2 times since early October. She is an up-and-coming artist and had over 69,000 friends on her site before she was hacked. MySpace “fixed-it” just today, however she only has 263 friends now. She is competing on FameCast and lost her complete MySpace fan list. Makes it rough for the artist that does not have the same pull with MySpace as Alicia Keys. The hackers are running wild on MySpace and it appears that MySpace could care less. That is unless you’re a top name artist.
    Go to my blog and take a look at another example of a Spam/Hack/Scam on MySpace that even has their logo and picture of Tom. I have reported over 100+ of these but only a few have been removed. Can’t even get a response from MySpace.

    Fred Mitchell
    http://deltamusic-live.blogspot.com