A HTML/CSS bug in MySpace has been exploited and a few stars’ high-traffic profiles, including Alicia Keys’, has been affected by it. What the hack does is that it creates a link that can be moved anywhere on the profile and covers a substantial amount of space.

When a person clicks on the link, he or she is brought to a page which will prompt the user to install a codec that will allow them to hear music from the artiste. It’s a clever trick because it looks authentic and there is a good chance the user will think it’s some sort of special link to a pre-released song or video of some sort, which will increase the chances that they will download the codec (which is a virus) into their computers.

People with computers that have not applied the latest security vulnerability patch will get infected even more easily because the malware will download in the background, oblivious to the user. Since even legal plugins online get the prompt, those who have the update may still fall for the trick as it everything will seem like its normal.

The hack is a tad interesting though, as the effect is achieved with a simple href tag that seems to be able to create an image map of some sort, allowing it to span across a substantial part of the page. They can also position this link anywhere they wish using CSS styles, which will allow them to put it at the most effective places. Even the MySpace ads could be affected by this exploit and bring the victim to the malicious page.

Let’s hope Alicia Keys fixes it soon before her MySpace reputation is ruined. Users who aren’t updated on the news may just not trust her links anymore.