MySpace drive-by trojan spreading


blue2blue


[I posted about this in the songwriting forum too since a lot of people there use MySpace for hosting their songs.]

Singer's MySpace Page Hacked, Cleaned, Rehacked

By Lisa Vaas

November 9, 2007


Updated: MySpace promptly cleaned up Alicia Keys' booby-trapped page, which was promptly reattacked.


MySpace has been breached by an attacker who's planted malware and a fake codec on a number of musicians' sites, most notably, that of Alicia Keys, a popular singer whose site was booby-trapped, cleaned up for a few hours and promptly rehacked.


Exploit Prevention Labs' Roger Thompson said in a Nov. 8 posting that MySpace fixed Keys' page, which had been rigged with an HREF image reference to the co8vd.cn/s/ fake codec, within hours of EPL's having posted a videotape of the exploit.


Hours after getting cleaned up, the site was once again crawling with malware that would snare anybody with an unpatched system who even came close to clicking on anything on the page.
That's because of a new twist that an EPL spokesman said hasn't been seen before: The HTML in the page contains some sort of very large image map that spans 8,000-by-1,000 pixels.


The malware is being hosted in China and is installing rootkits and probably DNS (Domain Name System) changers, he said. DNS changers are the same thing being installed by a well-known family of Windows Trojans, the controllers of which have recently started targeting Macs as well.


DNS changers are also a well-known calling card of the Russian Business Network, an infamous ISP that hosts a gamut of online nastyware, from child porn sites to money laundering.


"This could easily be the same group that recently started watching for Mac users and offering a Mac Trojan as needed, and if that's so, will also add to the effectiveness of the attack," Thompson wrote.


... When a visitor visits the infected page, they're first hit by an exploit that installs malware in the background if their system is not fully patched against the latest security vulnerabilities. The victim is next presented with the fake codec, with a message telling them they need to install a codec to view the video. The attack is thus multilayered and still has a chance to ensnare users with fully patched systems if they click on the fake codec.


The chance that a MySpace user would click on a link to download a codec is good, Thompson said.


In June, MySpace was also hit by a worm that was turning users' sites into bots to serve phishing scams and viruses, using "fast flux" to hide its phishing and malware delivery sites behind ever-shifting networks of proxy servers that are next to impossible to track down.


The current attack is worrisome in that it doesn't amount to a simple case of crooks getting their hands on musicians' user names and passwords. Other bands that have been hit by the same attacker or attackers include the French funk band Greements of Fortune and the Glasgow rock band Dykeenies.


What's not clear, Thompson said, is how the attackers are compromising MySpace, nor how widespread the attack is, given that neither Google nor MySpace was indexing the malevolent piece of HTML as of Nov. 8. A quick Google search Nov. 9 similarly led only to victims' testimony or news reports.


MySpace provided a statement that gave no clue as to how widespread the attack has been, how many sites were affected, nor how the attackers penetrated MySpace's defenses twice in a few hours. The company did say, however, that phishing is illegal and that MySpace doesn't like it.

http://www.eweek.com/article2/0,1759,2214681,00.asp

 

I'm not even visiting my own MySpace page.

:D

I have my browsers and OS patched up but I don't think this is something to be laughed off.

And even if the drive-by doesn't get you -- the social engineering might...

I've been helping a friend try to eliminate just such a rootkit infection (he naively clicked on an "Install Video Codec"-type link).

The rootkit was preventing any anti-virus scans from working properly. He's by no means an inexperienced user. After he was infected he thought he got it out by hand-editing his registry... until the blue screens started.

The first time he tried reinstalling Windows he didn't delete the partitions and FAT -- the rootkit was still there and his attempts to reinstall Windows 'from scratch' after a format of the existing partitions ended in blue screens.

Under my advice he re-partitioned and has been able to reinstall Windows. But now he's carefully picking through his data -- much of it backed up in a hurry after he realized he was infected -- so he has to be extra careful he doesn't reinfect himself.

Don't let it happen to you.

PS... to you Mac guys -- as the article notes, the same type of exploit that got my pal -- who's had a computer for at least 15 years -- is now targeting Mac users. You have to go through a couple of extra steps on the Mac -- but if they conned my pal into DLing and installing the fake codec there are undoubtedly some Mac users -- lulled into an all too understandable complacence -- who will invite similar infections.

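A scanner for the page layout EPL described in the quoted article (an image wrapped in an off-site link, and an image map spanning thousands of pixels so that nearly any click lands on the fake-codec URL), as an added example; this is not code from the original post, from eWeek or from Exploit Prevention Labs. It goes slightly beyond the article by also flagging off-site iframes, scripts and embeds. The trusted-domain list, the size threshold and the sample HTML with its placeholder host name are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the domains a MySpace profile legitimately
# links to, and the largest coordinate a normal image map would ever use.
TRUSTED_HOSTS = ("myspace.com",)
MAX_MAP_PIXELS = 4000


def host_of(url):
    """Host of an absolute URL, lower-cased; '' for a relative URL."""
    return (urlsplit(url).hostname or "").lower()


def is_trusted(host):
    """Relative links and links into a trusted domain are not flagged."""
    return host == "" or any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def _to_int(value):
    """'8000', '8000px' or None -> int, with 0 for anything unparsable."""
    try:
        return int(str(value).strip().rstrip("px"))
    except (TypeError, ValueError):
        return 0


class DriveByScanner(HTMLParser):
    """Collects the indicators from the EPL description: an image wrapped in
    an off-site link, a huge image (optionally carrying a usemap) and map
    areas that cover thousands of pixels or point off-site."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._anchor_href = None  # href of the innermost open <a>, if any

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "a":
            self._anchor_href = a.get("href", "")
        elif tag == "img":
            self._check_img(a)
        elif tag == "area":
            self._check_area(a)
        elif tag in ("iframe", "script", "embed", "object"):
            src = a.get("src") or a.get("data") or ""
            if src and not is_trusted(host_of(src)):
                self.findings.append(f"external {tag} loaded from {host_of(src)}")

    def handle_endtag(self, tag):
        if tag == "a":
            self._anchor_href = None

    def _check_img(self, a):
        # The link target matters, not the image's own src: hot-linking
        # pictures is normal on a profile page, linking them off-site is not.
        if self._anchor_href is not None:
            link_host = host_of(self._anchor_href)
            if not is_trusted(link_host):
                self.findings.append(f"image link to external host {link_host}")
        width, height = _to_int(a.get("width")), _to_int(a.get("height"))
        if max(width, height) > MAX_MAP_PIXELS:
            suffix = " with usemap" if "usemap" in a else ""
            self.findings.append(f"oversized image{suffix}: {width}x{height}")

    def _check_area(self, a):
        coords = [_to_int(c) for c in a.get("coords", "").split(",") if c.strip()]
        if coords and max(coords) > MAX_MAP_PIXELS:
            self.findings.append(f"image map area spans {max(coords)} px")
        link_host = host_of(a.get("href", ""))
        if not is_trusted(link_host):
            self.findings.append(f"image map area links to external host {link_host}")


def scan(html):
    """Return the list of findings for one HTML document, in page order."""
    parser = DriveByScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample modelled on the two stages the article describes; the
# host name is a placeholder, not the one from the incident.
SAMPLE_HTML = """
<div class="profile">
  <a href="http://bad-codec.example/s/"><img src="http://bad-codec.example/s/play.gif" alt="play"></a>
  <img src="http://i.myspace.com/blank.gif" width="8000" height="1000" usemap="#trap">
  <map name="trap"><area shape="rect" coords="0,0,8000,1000" href="http://bad-codec.example/s/codec.exe"></map>
  <a href="http://www.myspace.com/friends"><img src="friends.png" width="120" height="90"></a>
</div>
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_HTML):
        print("FLAG:", finding)
```

Run against a saved copy of a profile page; a hit on the oversized-image or map-area checks is a strong signal on its own, because no legitimate profile layout needs an 8,000-pixel clickable region. The scanner deliberately ignores where images are hosted, since hot-linked pictures are normal on MySpace, and only looks at where clicks go.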

  • Members

I'm beginning to think that we need one of those nice black ops type things, where people of flexible morals are given large guns and lots of money and let loose in a few overseas countries with some highly trained networking assistants. If people start having to worry that they'll be falling down the stairs onto some bullets if they pull this kind of crap, maybe we'll have less of it. I'm not a violent person at all, but I would have zero problems if our govt did this. These people are scum and really don't deserve to live.


  • Members

 

I'm beginning to think that we need one of those nice black ops type things, where people of flexible morals are given large guns and lots of money and let loose in a few overseas countries with some highly trained networking assistants. If people start having to worry that they'll be falling down the stairs onto some bullets if they pull this kind of crap, maybe we'll have less of it. I'm not a violent person at all, but I would have zero problems if our govt did this. These people are scum and really don't deserve to live.

 

I like this idea.


  • Members

 

I'm beginning to think that we need one of those nice black ops type things, where people of flexible morals are given large guns and lots of money and let loose in a few overseas countries with some highly trained networking assistants. If people start having to worry that they'll be falling down the stairs onto some bullets if they pull this kind of crap, maybe we'll have less of it. I'm not a violent person at all, but I would have zero problems if our govt did this. These people are scum and really don't deserve to live.

 

 

 

I've been saying something like this was probably sure to happen for a long time... When I first started in that line of conjecture, I was thinking more of piracy and the many millions of dollars (now clearly billions) that are involved.

 

But now that national security issues are clearly involved, I wouldn't be surprised if it isn't already in the works.

 

Look at the cyber-warfare that "Russian interests" have waged against Estonia and the Ukraine... (Of course, there have also been outright military provocations, as well.)

 

http://news.bbc.co.uk/2/hi/europe/6665145.stm

 

It's also been alleged that "Russian interests" have mounted a number of cyber-warfare probes and attacks against US national interests as well. (And then there's that ominous and thoroughly creepy sounding Russian Business Network mentioned in the article in the first post.)

 

 

I'd say 3DW retaliation is right around the corner -- if it isn't taking place already.


  • Members

BTW, if you are not using Vista, then you should use a program like DropMyRights to launch your web browser. This will run IE in a lowered-rights environment so that you can't get whacked by these types of viruses, because they will not be allowed to write any files outside of the My Documents area. I have an icon on my desktop to start IE safely or normally, and always use the safe one unless there's a specific reason to do otherwise. Just set up the icon to launch DropMyRights and pass the browser path as a parameter to it.


I'm beginning to think that we need one of those nice black ops type things, where people of flexible morals are given large guns and lots of money and let loose in a few overseas countries with some highly trained networking assistants. If people start having to worry that they'll be falling down the stairs onto some bullets if they pull this kind of crap, maybe we'll have less of it. I'm not a violent person at all, but I would have zero problems if our govt did this. These people are scum and really don't deserve to live.

 

Give me a decent budget, governmental sanction, access to good intel and my picks for the team members, and I'll do it. :wave: Of course I'd attempt to bring them in alive so they could face trial, but if they resisted... :evil:;)

 

Spam and malware are a serious threat to the Internet. It's practically cyber-terrorism. :(


  • Members

Give me a decent budget, governmental sanction, access to good intel and my picks for the team members, and I'll do it. :wave: Of course I'd attempt to bring them in alive so they could face trial, but if they resisted... :evil:;)

Spam and malware are a serious threat to the Internet. It's practically cyber-terrorism. :(

 

You've definitely got the look...


  • Members

Spam and malware are a serious threat to the Internet. It's practically cyber-terrorism. :(

 

Except it's only your computer that eats {censored}... back up, people. Who cares about a rebuild? Image and protect yo ass. I don't feel "terrorized" by any of this... I did get my site hacked once with some stupid {censored} about death to Israel put up on it but found it amusing and restored my site back again in minutes. I image the {censored} out of everything now, back up everything. I must have 10 DVDs of my family photos, most redundant now. Don't really care about the music I ripped because I own it and could download it just as easily. Obviously my work gets backed up and up and up again.

 

HDD failures are a bigger fear for me than viruses.


  • Members

Don't assume it's just about losing your work. Plenty of attacks have nothing to do with destroying your computer. In fact, they are just the opposite. They want your computer happy and healthy, because they are hijacking it to use it as a proxy for sending out spam, uploading kiddie porn, whatever. So it looks like it's coming from your address, not theirs.


  • Members

 

Don't assume it's just about losing your work. Plenty of attacks have nothing to do with destroying your computer. In fact, they are just the opposite. They want your computer happy and healthy, because they are hijacking it to use it as a proxy for sending out spam, uploading kiddie porn, whatever. So it looks like it's coming from your address, not theirs.

 

 

Also -- they want to be able to search for passwords, credit card numbers and the like -- or even intercept the live transmission of same for those of us too 'smart' to keep them on our systems.

 

 

Craig, I think what AJ is getting at is creating disk images of your working system so you can nuke your hard drive completely (repartition/deep format) and then simply copy the disk image back on, getting up and running with all your programs still installed, etc.


  • Members

I use Acronis, which is a good one. You can create a boot CD that you can boot up on, so that your drives are completely unused and nothing is changing, and just image the entire drive to another drive. It takes quite a while, so the advice to just constantly image them is a little impractical. It takes hours to image a large disk, and more hours if you want to verify that the image is good, so it's something that you generally have to run overnight, and it beats the crap out of the hard drive for hours at a time, which will probably mean it will fail sooner than it otherwise would.


This topic is now archived and is closed to further replies.