Background images used in MySpace attack

And not inline frames as it was believed at the start. That is when one tries to link user to malicious servers using iframes, one just makes additional pages open in the main web page. It’s now clear that this time attackers added large scale image background href (8000 by 1000 pixels) that makes the click slightly miss the link or control and go straight to the exploit page. The html code links to a site in, no, not Russia – China.

And it’s no wonder why users accept something to download in this case, because, when you are trying to see a video or hear a song in such a media-rich site like MySpace, you’re used to download and install some kind of codec from time to time, to the point where it becomes just a reflex action.

Articles