Exploit Prevention Labs has just uncovered a new type of multi-faceted attack spreading through MySpace's Top Artists pages, including the Alicia Keys page (MySpace's 4th most popular artist).
This is not your typical Web worm attack, which spreads by phishing inside the social network to get people to give away their passwords so it can infect again and again. This one resulted from a successful hack against MySpace itself, claims Roger Thompson, CTO of the New Kingston, PA-based Exploit Prevention Labs, whose analysts discovered the attack.
Nor did the attack use malicious iFrames, the other common way bad guys hide malware on victimized sites. iFrame-based malware is limited in that it can only hide in specific locations on the Web page, most commonly the welcome link, so it's not a sure bet that everyone visiting a page will get infected. With this new attack, an image map hidden inside the HTML covers a wide area of the page's background, so anything you click will direct you to the malicious hyperlink.
Because the attackers were able to modify pages of Keys and others (including "Greements of Fortune," a French funk band, "Dykeenies," a rock band from Glasgow, and more), Thompson and other researchers blame this problem on MySpace.
After examining the page's HTML, John Heasman, director of research at NGSSoftware, attributes the problem to a flaw in MySpace's styling, wherein MySpace allows a link to contain a CSS style attribute that specifies a background image.
Using a standard HREF tag for the link, the criminals specified huge dimensions for the image, covering most, if not all, of the browser window, so users are likely to be redirected if they click anywhere on the page.
Adds Heasman, "This is an inventive attack method - one that could likely affect other social networking sites."
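The mechanism Heasman describes, a link whose inline CSS sets a background image and huge dimensions, is something a site can check for when it filters user-supplied profile HTML. The following Python check is an added example, not code from MySpace, Exploit Prevention Labs or NGSSoftware; the 600px threshold, the function names and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

MAX_PX = 600  # assumed limit: larger links in profile markup are treated as suspect
SIZE_PROPS = ("height", "min-height", "min-width", "width")

def parse_style(style):
    """Split an inline style attribute into a {property: value} dict."""
    decls = {}
    for part in style.split(";"):
        name, sep, value = part.partition(":")
        if sep:
            decls[name.strip().lower()] = value.strip().lower()
    return decls

def style_findings(decls):
    """Return the reasons a link's inline style looks like a page-wide overlay."""
    reasons = []
    if any("url(" in decls.get(p, "") for p in ("background", "background-image")):
        reasons.append("background image on link")
    for prop in SIZE_PROPS:
        # Only pixel sizes are checked here; other units would need their own rule.
        m = re.match(r"(\d+(?:\.\d+)?)px", decls.get(prop, ""))
        if m and float(m.group(1)) > MAX_PX:
            reasons.append(f"oversized {prop}: {m.group(0)}")
    return reasons

class OverlayLinkScanner(HTMLParser):
    """Collects (href, reasons) for every <a> whose style attribute is flagged."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)
        reasons = style_findings(parse_style(attr.get("style") or ""))
        if reasons:
            self.findings.append((attr.get("href"), reasons))

def scan(html):
    scanner = OverlayLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample profile markup (not taken from the affected pages).
SAMPLE = '''<p>Tour dates: <a href="/tour" style="color: #c00">see all</a></p>
<a href="http://example.invalid/landing"
   style="background-image: url(spacer.gif); display: block; width: 3000px; height: 3000px"></a>'''
```

Calling `scan(SAMPLE)` flags only the second link. Detection like this is a review aid; a filter that allow-lists the few style properties users may set on links closes the gap more reliably than matching known-bad patterns.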