The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Myspace Hack spreading like wildfire

Posted by Xavier Ashe on July 17, 2006

Well, well. Somebody has managed to hack Myspace.com with a Flash-based
redirect that exploits what is apparently a gaping wide hole in the
Myspace code. If you are signed into Myspace, and you go to a friend's
page, and then find yourself redirected to a blog post containing a
diatribe about how the United States government is behind the 9/11
attacks, then your account has been hacked, and everyone who visits
your page will be infected!! Yes, it's true, at least for now –
everybody who visits an infected profile while signed into their
Myspace account will have their page hijacked!

From ChaseAndSam.com.  Go here to find out how the MySpace SWF hack worked.

The solution is rather simple: Go to your home page, and click on edit
profile, remove the line below (and only the line below) from your
About Me section: (I added some “f's” to the code so it won't work here)

fembed ffallowscriptaccess=”fnever” src=”fhttp://i105.photobucket.com/albums/mff225/yrkblack/redirecft.swf”
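
The manual cleanup above, generalized as an added example (not code from the original post or from MySpace): a Python filter that drops every `<embed>` tag pointing at a `.swf` file from a saved About Me fragment and reports what it removed. The class and function names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class SwfEmbedStripper(HTMLParser):
    """Rebuild profile HTML, dropping <embed> tags whose src is a .swf file."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []            # pieces of the cleaned markup
        self.removed = []        # src of every embed that was dropped
        self.skip_close = False  # True while a dropped embed may still be closed

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        # Compare the path only, so "x.SWF?a=1" is still caught.
        path = src.strip().lower().split("?", 1)[0].split("#", 1)[0]
        if tag == "embed" and path.endswith(".swf"):
            self.removed.append(src)
            self.skip_close = True
            return
        if tag == "embed":
            self.skip_close = False
        self.out.append(self.get_starttag_text())

    handle_startendtag = handle_starttag  # <embed ... /> form

    def handle_endtag(self, tag):
        if tag == "embed" and self.skip_close:
            self.skip_close = False
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def strip_swf_embeds(html):
    """Return (cleaned_html, removed_srcs) for one About Me fragment."""
    parser = SwfEmbedStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample; the host is a placeholder, not the URL from the post.
SAMPLE = ('<p>Hi &amp; welcome</p>\n<embed allowscriptaccess="never" '
          'src="http://media.example.invalid/redirect.swf">\n<b>Music</b>')
```

Calling `strip_swf_embeds(SAMPLE)` returns the fragment without the embed, plus the list of removed `src` values for review before the profile is saved again.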
