Malicious code embedded in about two dozen MySpace pages downloads the dangerous FluxBot onto victims' machines.
Internet Storm Center researchers are warning users that drive-by exploits have been embedded in a few dozen legitimate MySpace pages.
Johannes Ullrich, chief technology officer with the Internet Storm Center, told InformationWeek that the malicious code that's embedded in the Web pages installs the FluxBot, a dangerous new bot. Since the bot doesn't have a central command and instead relies on a complex set of ever-changing networks of proxy servers, Ullrich said it's extremely difficult to shut it down or cleanse it off an infected system.
"It appears that these are compromised accounts," said Ullrich. "Hackers overtook maybe a few dozen pages. MySpace is fixing the issue. ... They reacted very quickly in this case."
Ullrich explained that the embedded malicious code tries to exploit an old Microsoft Internet Explorer bug that was patched mid-2006. If that bug lets in the exploit, then the FluxBot is downloaded.
"The IE hole is not particularly dangerous at this point, but quite a few people still got hit," he added. "I guess there are a lot of people out there with unpatched versions of Internet Explorer."
Ullrich also noted that while MySpace isn't a new target for hackers, it's an increasingly popular one.
While he said MySpace as a company runs a tight security ship, the site's phenomenal popularity is built on the fact that users are able to create their own pages. That means that honest people may create pages that hackers can easily take advantage of, but it also means that cybercriminals can pose as everyday users and build their own malicious pages to trap other MySpace users.
This past February, two men pleaded no contest to charges stemming from their scheme to write malicious code and use it to extort $150,000 from MySpace. Shaun Harrison and Saverio F Mondelli, both of New York, pleaded to the single charge of unauthorized computer access. Three other charges, including attempted extortion and another unauthorized access charge, were dropped, according to Jeffrey McGrath, deputy district attorney for Los Angeles County.