Monday, August 20, 2007
MySpace Has Another Serious Security Problem
A while ago I posted about the huge MySpace AIM virus because it posed a serious threat to a lot of people. Well, now there is another one. This one is a phishing attempt that has to do with MSPlinks URLs rather than a virus. For those who don't know, a phishing attempt is when someone tries to deceive you into entering your information so they can steal it and do what they want with it, which in this case is to spam other users.
This MSPlinks phishing attempt appeared as a comment on my profile page, and because I know the user who posted it, I knew something was fishy. She's a nice girl and wouldn't post anything like this willingly, so something had to be wrong with it.
It starts out with a comment posted to your profile that says "can't believe she put pics like that on her myspace.. talk about slut..", along with a link to something like http://www.msplinks.fuseaction.MDFodH... When you copy and paste the URL into your browser, it brings you to a page that looks just like MySpace (see image) and asks you to log in. Thankfully, Firefox (I haven't tested in IE7) recognizes this page as a phishing attempt and prompts you with a warning that the site is fake, but unsuspecting people will undoubtedly enter their information.
After you enter your information, friends on your profile are spammed with the same sort of comment and URL, and that's how it grows virally. This one is trickier than a simple deceptive URL because MySpace actually uses MSPlinks in its URLs to help deter other phishing and spam attacks. If you go to a profile and enter a comment with HTML, any link in it is redirected through the MySpace-owned URL "MSPlinks.com", as you can see on just about any MySpace profile.
What to Do If You See This Phishing Attempt
1. Tell the user whose profile you are looking at to remove the comment.
2. Remove this comment from your profile.
3. Post a bulletin warning people about this scam (send a link to this blog post for reference if you want)
4. Change your password immediately if you've fallen for this or if this appears on your friends' profiles from a comment you did not make.
5. Contact MySpace and tell them to do something about it (contact form here).
Please comment here if you have any questions or concerns.
By Matt O'Hern at 01:57 PM