SpywareGuide powered by FaceTime Security Labs

BandJammer - Hacking A Myspace Music Profile Near You

Over the last few days, we've noticed a number of hacked Myspace profiles. Nothing unusual there, you might think - however, this approach is somewhat different.

Why?

Because the attackers only seem to be hacking the pages of various rock bands, overlaying them with a huge "background image" that covers a sizable chunk of the page and then either tries to redirect you to fake Media Codec installs or (as far as we can tell from the messages being posted on some Myspace Bulletins) phishes your Myspace login details. Check this out:

http://blog.spywareguide.com/upload/2007/10/myphish1-thumb.jpg

It's a page for a band called "A New Dawn" - notice at the bottom of the screen, there's a .cn URL - that's where all the action takes place. From there, the attack seems to rotate between exploits, fake Media Codec installs and apparent phish attempts. Shall we look at the code?

myphish2.jpg

Note the "background image" is a URL. This isn't the only band to have been hit by this:

myphish3.jpg

...and, if we look at some of the comments left on their pages, it's obvious that the attackers aren't too concerned who notices it:

http://blog.spywareguide.com/upload/2007/10/myphish4-thumb.jpg
http://blog.spywareguide.com/upload/2007/10/myphish5-thumb.jpg

If you check out the steps made in a typical hijack, this is what happens on your PC:

5point5.jpg

If you check the source code for the final step of this particular journey, you'll see this:

myphish7.jpg

..from this "movie site" comes - you've guessed it - a fake codec installer:

http://blog.spywareguide.com/upload/2007/10/myphish8-thumb.jpg

Install this, and you're only a few moments away from "security toolbars":

http://blog.spywareguide.com/upload/2007/10/myphish10-thumb.jpg

...desktop wallpaper hijacks, rogue security applications giving dire warnings of infection and who knows what else. More alarmingly, there have been a few people on Myspace claiming that their accounts have been "phished" after clicking into one of these hacked pages - indeed, there are already a number of bulletins floating around regarding this issue:

http://blog.spywareguide.com/upload/2007/10/myphish11-thumb.jpg

...so there we have it. Targeting nothing but Myspace band profiles is an interesting tactic - hack one of the more popular bands, and a steady stream of potential victims will be winging their way to your hijack of choice. As the overlay covers most of the page, it doesn't leave the end-user with much margin for error. For what it's worth, we detect this as BandJammer.
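An added example, not code from the original post and not FaceTime's detection logic: a heuristic that flags the pattern described above, a large positioned element whose link leaves the site. The thresholds, host names, function names and sample markup are constructed assumptions, since the profile code itself appears only in the screenshots.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MIN_W, MIN_H = 600, 400  # assumed pixel thresholds for "a sizable chunk of the page"

def _px(style, prop):
    # Pixel value of one inline CSS property, or 0 if it is absent.
    m = re.search(r"(?:^|;)\s*" + prop + r"\s*:\s*(\d+)\s*px", style)
    return int(m.group(1)) if m else 0

class OverlayFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.links = []      # hrefs of the <a> elements currently open
        self.findings = []   # (tag, off-site host) for each suspicious element

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a":
            self.links.append(attr.get("href") or "")
        style = (attr.get("style") or "").lower()
        positioned = re.search(r"position\s*:\s*(absolute|fixed)", style)
        big = _px(style, "width") >= MIN_W and _px(style, "height") >= MIN_H
        host = urlparse(self.links[-1]).hostname if self.links else None
        offsite = bool(host) and host != self.site_host \
            and not host.endswith("." + self.site_host)
        if positioned and big and offsite:
            self.findings.append((tag, host))

    def handle_endtag(self, tag):
        if tag == "a" and self.links:
            self.links.pop()

def find_overlay_links(html, site_host="myspace.com"):
    finder = OverlayFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample profile markup (not taken from the screenshots in the post).
SAMPLE = """<html><body>
<a href="http://www.myspace.com/">Home</a>
<div style="width:800px; height:600px">music player</div>
<a href="http://cdn.attacker.example/view" style="position:absolute; left:0px;
 top:0px; width:1000px; height:1200px;
 background-image:url(http://cdn.attacker.example/bg.gif)"></a>
<a href="http://tickets.example/buy" style="width:120px; height:40px">Tickets</a>
</body></html>"""
```

Only the positioned, page-sized, off-site link is reported; the ordinary small outbound link and the large but unlinked player are not.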

Rock and roll - it'll be the death of you....

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: Chris Mannon, FSL Senior Threat Researcher


© Copyright 2006, FaceTime Communications, Inc. All rights reserved.