Alicia Keys Website Hacked

MySpace and Alicia Keys partner to distribute malware. Sort of... It appears that the MySpace profile owned by singer Alicia Keys was hacked and the users who attempt to visit it are redirected to a dangerous website trying to install malicious files on visitors' computers. Roger Thompson of Exploit Prevention Labs wrote that the MySpace profile may have a background image link injected which gets the users straight to the dangerous page. After the folks at the security vendor reported the problem, MySpace quickly corrected the problem but it seems the Alicia Keys profile is hacked again. This time, the dangerous link is different but both old and new page are hosted in China.

"The interesting thing about this is that rather than using an iframe for an automatic embed, as they usually do, they've added some sort of image background href, with a large size... 8000 by 1000 pixels, with the effect that a click that slightly *misses* a control or link on the page, ends up going to the exploit site," Roger Thompson wrote on the blog. "What's not clear at this point is how they're doing it, and how widespread it is."

At this time, there is no official MySpace statement but since it is one of the most popular social networking websites, it is likely to see some other hacked pages anytime soon.

"The fact that this site is media-rich, with lots of sound and videos means that the FakeCodec trick will be much more effective. The click-er is probably expecting to see a vid, or hear a song, and is quite likely to think he genuinely needs to install something extra," the security expert added in the blog post.

It seems like the second page included in the hack attack is unavailable at this time, the visitors encountering a 404 error once the page is loaded.