Roger Thompson of a company called Exploit Prevention Labs has posted a video (above) explaining how Alicia Keys’ MySpace page was hacked, although not in the sense that anybody gained actual control over the page.
Rather, someone managed to get a link onto the page that was activated no matter where the user clicked. Users who tried to play any of the multimedia embeds on the page were redirected to a Chinese website that prompted them to install an ActiveX component. Since this ActiveX component appeared to come from the Alicia Keys page and to be necessary to play the multimedia, many users were likely to confirm the installation, thereby compromising their computers’ security.
Thompson notes that MySpace pages are particularly prone to such exploits because their complexity can lead to user confusion. Since this video has been published by a company that sells software to prevent such exploits, I’m a bit wary of believing his suggestion that such attacks are on the rise (although they very well could be). In any case, it serves as a good reminder to all of us never to install software, ActiveX or not, from untrusted websites, among which you should count MySpace and other social networks.
This is not the first time we’ve seen MySpace pages messed with in ways that border on hacking. Last March John McCain found his MySpace page inadvertently promoting a position he had not officially taken.