The Myspace Band Hacks: A Victim Speaks

| | Comments (0)

You probably saw some of the coverage of the recent hijacking of musician pages on Myspace. What you probably didn't see, was evidence of the end-users who were unfortunate enough to have their systems taken over as a result of the hacked band pages. Certainly, a few reports claimed that something like "40,000" people were infected as a result of viewing the Alicia Keys Myspace page at the time that it was hacked. The only problem is, nobody seemed to be able to produce one of these individuals. While I don't believe that many users became infected purely from the Alicia Keys page, it's obvious that there would be people out there with a story to tell.

Well a few days ago, one of the end-users who clicked the overlay on a hijacked page (which would redirect you to malware and fake codecs) got in touch, and agreed to let me use the following extract to serve as a warning to anyone clicking on a Myspace page. Obviously, names / personally identifiable information has been removed.....

"To Chris Boyd:

I believe I was a victim of the recent software attacks on MySpace. I have read that you first blogged about it, but haven't heard of any solutions as to what can be done to online visitors who have visited the site, and whose computers have been compromised. I had ********** Cable install high-speed internet, and got online the same day. I did get on the Alicia Keys website, along other websites, and the following day, my computer is showing me a red screen telling me that my "privacy is in danger." A pop-window appears from time to time. It says...WINDOWS SECURITY ALERT...Someone is trying to hack into your system....download such and such now, etc. Downloading more stuff is actually something that I don't want to do.

I have contacted the company, and all they told me was to go to a computer technician and clean my software. I should mention that I had McAfee and Norton Antivirus, but both expired in May 2007. I had dial-up before and never had this problem, even with the virus protection programs expired. I guess the only solution now is to get my computer cleaned up, and buy a software that will protect me from future problems. Hope Best Buy has the right stuff! Since it's high-speed, does that mean we're open to hackers? Do you know how online visitors can be compensated for the recent attacks on the website?"

Well, for what it's worth, you'd have had the same problem if you'd visited the page and been hijacked regardless of whether or not you were on Dial Up or high speed broadband. As to whether or not you're "open to hackers", it depends what was installed during the hijack. Though there were some reports of Rootkits flying around the press when this story was in the news, all we saw installed was the fake Codec (which is usually responsible for downloading and installing the rogue antispyware cleaner currently giving you all those "alerts"). However, the payload was known to change from time to time so without seeing the individual PC, it's hard to say. The good news is, most reputable security cleaning tools remove many, many variants of these fake Codecs, and also the rogue antispyware tools they push onto hijacked PCs. The method used to hijack the computers in this attack was much more interesting and up to date, than the actual malware being foisted onto the target PC which (when compared to some of the hijacks out there) were fairly middle-of-the-road and not a huge threat.

As for being "compensated", sadly I don't think you'll get very far. Your best bet is to keep your security tools updated, try running in Limited User Mode if you're just doing general web browsing and keep Windows patched as much as possible.

Meanwhile, hacked pages are still out there and still redirect to the hijack sites at the heart of this attack, so anybody visiting a music page on Myspace needs to ensure everything they click on is legitimate. On a related note, I'd love to hear from anyone else out there that's been hijacked by the above scam...

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on November 19, 2007 7:12 AM.

Bandjammer Trojan installs Multiple Rogue Applications was the previous entry in this blog.

Obtaining Passwords For Fun And Profit is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.