Alicia Keys MySpace hack
By Caroline Cockerill | November 15, 2007
Summary: Recently discovered hacks on Alicia Keys’ MySpace page raise several causes for concern. Concerns such as malware infecting visitors computers, compromising their credit card information and installing keystroke loggers. Antivirus software defends against the malware by alerting the user.
Famed R&B performer Alicia Keys’ MySpace page had several areas hacked to allow users to click on the code planted there by a Chinese hacker group. An unprotected computer would have had a codec, or a rootkit and DNS changer loaded on to it but the user would think it was necessary video software. Time Magazine reports the objective is to get you to buy fake antivirus software, steal the user’s credit card information and install keystroke loggers on the unprotected computer.
A protected computer with the latest Windows updates and internet security such as
Norton Internet Security would have blocked it by alerting the user to the threat.
MySpace’s open source design has long allowed malicious code to hide on user pages. Here we see an effort to piggyback on the popularity of various musical groups in order to infect a large number of visitors’ computers. We’ve seen previous malware hosted in advertising on MySpace pages, that took advantage of Windows’ vulnerabilities to infect visitors. And the third-party applications used by so many to customize their MySpace environment, can often be infected or compromised. Unsuspecting visitors, especially those without internet security software, can get malicious code dropped onto their computer without even knowing it happened.
The hack was targeted at least 2 dozen other bands’ web pages on MySpace but Keys’ site is the most prominent and highly trafficked of those infected. MySpace pages hosting malware is not a new phenomenon. The downside of open source social networking is that third party applications may carry malware (viruses, keystroke loggers, etc). We’ve seen worms on MySpace since 2005. The only way you would know of the hack as a visitor is if your computer and browser are up-to-date with patches from the manufacturer AND you use internet security software to alert you.
Quick tips to stay protected:
- Be sure you have internet security software installed, such as Norton Internet Security, before you go online. Make sure you have updated your definitions, too.
- Be vigilant about updating and patching your operating system and browser software.
- Be suspicious of requests for user login information when you are already logged into MySpace or other social networking sites, or when you are viewing a public page. Never download software from a request within a site. You can always visit the manufacturer’s site for updates.
