Hackers Take Over MySpace Pages To Build Bots - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure

Hackers Take Over MySpace Pages To Build Bots

Malicious code embedded in about two dozen MySpace pages downloads the dangerous FluxBot onto victims' machines.

Internet Storm Center researchers are warning users that drive-by exploits have been embedded in a few dozen legitimate MySpace pages.

Johannes Ullrich, chief technology officer with the Internet Storm Center, told InformationWeek that the malicious code that's embedded in the Web pages installs the FluxBot, a dangerous new bot. Since the bot doesn't have a central command and instead relies on a complex set of ever-changing networks of proxy servers, Ullrich said it's extremely difficult to shut it down or cleanse it off an infected system.

"It appears that these are compromised accounts," said Ullrich. "Hackers overtook maybe a few dozen pages. MySpace is fixing the issue. ... They reacted very quickly in this case."

Ullrich explained that the embedded malicious code tries to exploit an old Microsoft Internet Explorer bug that was patched mid-2006. If that bug lets in the exploit, then the FluxBot is downloaded.

"The IE hole is not particularly dangerous at this point, but quite a few people still got hit," he added. "I guess there are a lot of people out there with unpatched versions of Internet Explorer."

Ullrich also noted that while MySpace isn't a new target for hackers, it's an increasingly popular one.

While he said MySpace as a company runs a tight security ship, the site's phenomenal popularity is built on the fact that users are able to create their own pages. That means that honest people may create pages that hackers can easily take advantage of, but it also means that cybercriminals can pose as everyday users and build their own malicious pages to trap other MySpace users.

"MySpace is so popular and it allows people to edit their own Web pages," said Ullrich. "People in general trust MySpace as a site so they don't disable JavaScript when they go there. MySpace the company may be trustworthy, but the content built by users may not be."

This past February, two men pleaded no contest to charges stemming from their scheme to write malicious code and use it to extort $150,000 from MySpace. Shaun Harrison and Saverio F Mondelli, both of New York, pleaded to the single charge of unauthorized computer access. Three other charges, including attempted extortion and another unauthorized access charge, were dropped, according to Jeffrey McGrath, deputy district attorney for Los Angeles County.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Commentary
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
Slideshows
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll