Network News

X My Profile
View More Activity

When Spyware Performs as Advertised

A few words of caution to any Myspace users out there considering "free" software designed to let you spy on unsuspecting others online: Be sure to read the fine print when a product like this says "free," and don't be surprised if the software is used to spy on you.

Take, for instance, the latest scam being passed around like a digital disease on MySpace: a message advertising software that promises users the ability to track who is viewing their profile pages. This thing, brought to my attention by the folks at Fortinet, arrives as a Myspace bulletin (bulletins allow Myspace users to send messages to all of their "friends" simultaneously) and directs users to visit www.myfriendspy.com, which claims the visitor can download the software after clicking on an icon that automatically posts the same bulletin to their friends.

(It's worth noting here that if anyone clicks on the first installer that pops up when they initially visit the page -- perhaps thinking this is the snoop program -- gets their very own copy of "Deskwizz," an extremely annoying adware program that is difficult to remove and serves so many pop-up ads at once that it often crashes Internet Explorer and makes Web surfing with that browser impossible.


When the MyFriendSpy page finally loads, with everything else on the page it's very easy to overlook the message notifying visitors that the tracking software isn't really available quite yet -- but hey, there's some free adware from 180Solutions Inc. instead!

When you click on the icon that reads "After posting a bulletin CLICK HERE to gain access to myfriendspy.com info," an installation agreement for Zango pops up. Zango is the much-maligned product of adware maker 180Solutions, which of course monitors what you search for and where you go online.

Lest anyone dismiss this type of scam as inconsequential, consider this: MySpace claims to have more than 70 million registered users, and the popularity of tracking services to help MySpace users keep tabs on who is viewing their profiles has recently created rather high demand for third-party programs that many users are paying good money to obtain. Spewing out software with names like ProfilePeep, ProfileSnoop, TheSpaceTracker and WhosOnMyPage, enterprenuerial programmers are cashing in on the MySpace craze.

Encouraged by the demand for trackers, many of those same entreprenuers are now selling code that users can plug into their Myspace profiles to block other snoopers from visiting their profiles. Heck, people are even trying to sell these MySpace trackers on eBay now.

My point is, given how many people are apparently willing to purchase Myspace spying tools, imagine how many new customers 180Solutions probably has as a result of partnering with a scammy company that claims to give away one for free.

At any rate, there seem to be a few different variations on this Zango/MyFriendSpy thing going around. So if you use Myspace, use your head. Don't download or install software from untrusted sources, even those apparently recommended by your friends. Also, MyFriendSpy page choked pretty heavily when I browsed the sites with Firefox, even when I wantonly clicked "yes" on everything that popped up. Visit the site with the Firefox "NoScript" plugin installed (which blocks javascript from loading unless you specifically allow it) and you'll get nothing more than a blank page.

One final thought: I wonder how many people sit at work idling away hours on the clock trolling MySpace pages, downloading code of dubious origin and clicking on links posted in MySpace comments and profiles. Aside from any policing done by MySpace (staying on top of tens of millions of constantly changing profiles must be tough), there is no reason Web links in MySpace cannot be just as harmful as those that spread viruses and worms around instant-messaging networks and e-mail.

By Brian Krebs  |  May 18, 2006; 10:44 AM ET
Categories:  Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Blue Security Kicked While It's Down
Next: Microsoft: Hackers Exploiting Unpatched Flaw in MS Word

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company