Well we woke up this morning and as is Lisa’s usual routine she pops onto her MySpace. She then turns to me at my desk behind her and asks “What is the Microsoft Malicious Tool? Should I download it?”
I turn and look at her computer and she has what at first glance appears to be the MS Update tool running. That MS malicious thing is somewhat annoying and since it was the only download showing, I told her to click cancel. She does, but is then prompted to download the update. I tell her to de-select the box, but the download prompt comes up again. Now I turn my full attention to her box…ahem…that is, her computer.
After scratching my head for a second (hey, it’s early for me on a Saturday) I notice that her MySpace actually appears to be one giant image. Wait a minute…I check our MySpace on my computer and…the same thing! Uhoh….actually it looks like an image with a very large transparent background that’s really on top of our entire MySpace.
I pop into the Profile editor and after pawing through the code, I found that our Interests section has been completely replaced with image code that is essentially as large as the browser window. The link for the image goes to an executable file from msplinks.com.
I immediately removed the malicious image and changed our password.
Has anyone else seen this occur? This instance at least is relatively new, because the image contains the Malicious Tool for December 2007 and the DNS record for the site related to it (windowsupdates.microsofma.cn) is brand new as of December 7, 2007, while the DNS servers domain (truehostingservices.com) for the site itself is only 2 months old (October 3, 2007).
Here’s the actual image itself if you’d care to see what it looks like – http://img152.imageshack.us/img152/8521/removaltooljh7.gif – I won’t post the link to the malicious code which turned out to be a trojan virus.
My bigger concern is how our MySpace got hacked – is there a password flaw that we’re unaware of at the moment?
