“The original hack,” writes Thompson, “was an href image reference to co8vd.cn/s/ and while that's now out of the html, there's now an href image reference to acilot.cn/s/ .... see any similarities there??? :-)”

In an earlier post reporting the original hack, Thompson writes that hacks on MySpace have become more common. “First, at the end of October, there were a number of links added as friend-comments that went via MySpace's open-redirector (MSPlinks) to exploit sites in China….Now, we keep finding MySpace pages that have had some sort of image-background link injected, that are reaching out to a different site in China that is both throwing exploits and using social engineering to install rootkits and (probably) dns-changers.”

But apparently the hacks are unusually sophisticated in the way they trick the individual browsing a given page.  “The interesting thing about this is that rather than using an iframe for an automatic embed, as they usually do, they've added some sort of image background href, with a large size ... 8000 by 1000 pixels, with the effect that a click that slightly *misses* a control or link on the page, ends up going to the exploit site,” Thomspon writes.  “The fact that this site is media-rich, with lots of sound and videos means that the FakeCodec trick will be much more effective. The click-er is probably expecting to see a vid, or hear a song, and is quite likely to think he genuinely needs to install something extra.”

Watch a video explaining more about the hacks here. 

Photo from the official Alicia Keys website