Web Worm Whacks MySpace Users

A complex, ongoing attack on MySpace.com users is turning victims' sites and computers into hosts for serving phishing scams and computer viruses.

Earlier this week, some MySpace user pages were seeded with computer code seeking to exploit one of three recently-patched security holes in Microsoft Windows and Internet Explorer. MySpace visitors who browse one of these pages are redirected to a fake MySpace login page aiming to steal the visitor's MySpace user name and password.

A screen shot of an infected MySpace profile. Clicking anywhere on the live version of this page will redirect the visitor to a fake login page and try to seed the visitor's PC with malicious software.

We've seen a similar attack against MySpace, but this new one has a twist. A scam victim's MySpace page is altered to include code redirecting users to a phishing page. Meanwhile, if the user's computer does not have up-to-date Microsoft patches, programs will be silently installed linking the victim's machine into a network of several hundred infected PCs used to host other phishing sites or serve up additional malicious software.

So just how successful is this attack? Ask Lawrence Baldwin, chief forensics officer at MyNetWatchman.com, a company that tracks hacking and spamming activity. Baldwin runs a sizable "honeynet." It's a distributed network of machines designed to be infected with the latest malicious software so that investigators can glean evidence about the activities of the bad guys pulling the strings. Baldwin on Tuesday found that one of the PCs in his honeynet was among some 200 other Windows computers currently serving exploit code and phishing Web sites in this MySpace.com attack.

Baldwin said that about one-quarter of those who visited the MySpace phishing page hosted on that machine provided their credentials. So far, his infected machine has collected hundreds of MySpace user names and passwords, or roughly 10 to 20 sets of credentials every hour.

"That tells me that I'm only seeing 1/200th of the traffic going to the phishing sites in this network," Baldwin said. "If we extrapolate that out, we're talking about 2,000 to 4,000 MySpace account credentials being stolen per hour."

This type of Web 2.0 worm likely will be a favorite method of attack for some time. MySpace sports one of the biggest collections of some of the least PC-security-savvy people today. In January, I wrote about another MySpace.com attack that exposed tens of thousands of MySpace passwords, many of them extremely easy-to-guess dictionary terms. Baldwin said the passwords his honeynet machine has intercepted are no more complicated.

That behavior suggests that a great many MySpace users don't consider their account worth protecting. This type of attitude is typical of the very people whose computers are most commonly compromised by criminals. The misguided notion that one's computer or MySpace account has no valuable information on it and therefore couldn't possibly be an attractive target for cyber criminals is the principal reason online crooks are so successful.

By Brian Krebs  |  June 27, 2007; 1:52 PM ET
© 2010 The Washington Post Company