Attackers are piggybacking on the fame of R&B recording artist Alicia Keys to spread their malware Relevant Products/Services over the Web. Keys’ MySpace page has been infected with malicious software.
Exploit Prevention Labs discovered the attack, one of several targeted MySpace pages. French funk band Greements of Fortune and Glasgow rock band Dykeenies were also targets of the Web-based attack.
“When a visitor visits the infected page, they’re first hit by an exploit which installs malware in the background if they’re not fully patched against the latest security Relevant Products/Services vulnerabilities, and next they’re presented with a fake codec which tells them they need to install a codec to view the video,” said Roger Thompson, CTO at Exploit Prevention Labs. “So even if they’re patched, they can fall victim to the exploit.”
Specifically, visitors to these MySpace pages are directed to co8vd.cn/s. This appears to be a Chinese malware site. If the visitors accept the code installation, the site installs malicious software.