MySpace Scams

Researchers are warning of a widespread MySpace drive-by exploit attack meant to compromise machines so more profitable phishing schemes remain successful.

MySpace users become infected when they visit a profile page containing malicious JavaScript and then are silently redirected to an Internet Explorer exploit, which was patched in April.

The exploit installs a common proxy network bot, known as a flux bot, which is used to hide phishing sites behind constantly changing proxy servers, Ullrich explained. The cybercriminals, in other words, use their newly compromised PCs to hide the tracks of unrelated phishing scams targeting banks and other financial institutions.

“It’s lends some secrecy to the scam and it makes it harder to shut down,” he said. “Now, the actual machine (the victim) is connected to get to the phishing site changes by the minute. You can’t easily block them. It’s not that obvious.”

The botnets are also being used to send spam, Ullrich said.

Potentially thousands of MySpace pages could be infected with the malicious worm, but the infected profiles are “being shut down really quickly,” he said.

A spokesperson for MySpace, which has more than 100 million members, could not be reached for comment.

Ullrich said cyberthieves traditionally tailor their worms for MySpace and other social networking sites because of the younger demographic that use them.

“It has a lot of non-technical users who do not patch their browsers,” he said. “People are not that careful. They may visit MySpace thinking [it’s] a big a company and not realising the content of the pages comes from the average user.”

MySpace has been the victim of a number of attacks over the past year. Vincent Weafer, head of Symantec’s Global Security Response, said MySpace users are often easily fooled into giving up their credentials.

“If I can get into your trusted group, I may be able to get information out of you,” he said.

Colin Whittaker of Google’s Anti-Phishing Team wrote on the company’s security blog recently that many users are tricked into giving their usernames and passwords so crooks can send spam from their account or – worse – use that same log-in information to access their bank accounts.

written by: Dan Kaplan

As technology becomes increasingly more complex, law enforcement has to evolve to keep up with the modern perpetrator.

Adam Lebowitz, an ex-Grady Hospital doctor infected with HIV, was arrested in Coweta last November after allegedly soliciting sex from a teenage boy he met on the Internet.

Lebowitz was charged with criminal attempt to commit aggravated child molestation, to sexually exploit a child, to commit statutory rape, to commit aggravated sodomy, as well as reckless conduct — for knowingly exposing a person to the AIDS virus, which is a felony — and obstruction of law enforcement, according to Assistant District Attorney Kevin McMurry in a previous interview with The Times-Herald.

Lebowitz has since been indicted and arraigned and is awaiting trial. He also faces similar charges out of Clayton and DeKalb counties.

Recently, the popular social networking Web site MySpace.com created a database as a means to identify and remove registered sex offenders from its online community. Officials with the online site have also agreed to share sex offender data — how many registered sex offenders are using the site and where they live — with attorneys general from eight states, according to The Associated Press.

MySpace general counsel Mike Angus announced that the site has already used the database to remove about 7,000 profiles out of a total of about 180 million, according to the AP.

Federal privacy laws require states to file subpoenas or other legal requests before MySpace can release the information.

Sgt. Mike McGuffey, an investigator at the Coweta County Sheriff’s Office who primarily handles the local sex offender list, is pleased that MySpace has started to share information with law enforcement.

“Predators should have absolutely zero access to places where children congregate, whether that be in public places or on the Internet,” said McGuffey.

McGuffey has been receiving increasingly more reports of incidents that occur online. He admits to using MySpace as “a resource” in solving crimes, although this new resource sometimes complicates the process.

While McGuffey feels the progress being made with MySpace has the potential of making the Web site a slightly safer place for young people to investigate, he points out that technology continues to evolve and predators will invent new ways of targeting the public. Safety against online predators starts in the home, according to the investigator.

“Ultimately, it ought to be up to the parents — it’s their responsibility to take care of their children,” said McGuffey. “Parents should be more involved in their children’s lives than in anything else. They need to set rules and enforce punishment when those rules are broken.”

Parents are advised to monitor their children’s online activities and not allow free reign. Sometimes, children will think that setting their profile to “private” will prevent their personal information from being compromised. But it won’t, reminds McGuffey.

“Even grownups should be careful on the Internet,” said McGuffey.

He especially cautions against dating Web sites, because predators often seek out common interests as a way into that person’s life. Adults are advised against posting pictures of their children online for potential offenders to see.

“A child predator will zero in on your children,” he continued.

Overall, America appears to be more aware of the dangers lurking on the Internet, according to McGuffey. Programs such as Dateline NBC’s “To Catch a Predator” have educated parents and children about how easy it is to fall victim to a predator and how bold these offenders can be. However, according to the investigator, the program is also educating the predator about the justice system and may, in some cases, help the person commit crimes more effectively.

“A true predator is going to do whatever it takes to get to his victim — wherever children congregate, he will be there.”

The following is a list of tips for navigating safely online:

* Just as in public, people should not talk to strangers.

* Parents should set computer filters and activate security features on all home computers whenever possible.

* Don’t allow children to have Internet access in their bedroom.

* Check the computer’s Internet history to see what sites have been visited.

* Finally, never underestimate what people are capable of.

Written by Elizabeth Richardson

MySpace Scams has redesigned the website, hoping to make it easier for you to find the information you need. Let us know how you like the new look and special thanks to ndesign for the layout.

Have you seen the Tractor Supply Company commercial about the free puppy?

A man says “My neighbor gave my daughter a puppy,” and then describes how they’re now buying toys, food, dishes, etc. The actor smiles and says “It’s like my dad always said: there’s no such thing as a free puppy!”

Well, this couldn’t be closer to the truth when it comes to the latest Nigerian ‘email’ scam: pets. Even worse, this genre of scam is rearing its ugly head on MySpace.

The American Kennel Club and the Council of Better Business Bureaus issued a joint press release on May 29th regarding this situation. A victim in Pittsburgh has described her experience in news stories in the LA Times and on WTAE Channel 4 Action News.

Here is an example ad that has been determined to be fraud by the Council of Better Business Bureaus.

“Lovely English bulldog puppy needing a loving and caring home, full of wrinkles, she is up to date on all her shots. Fine with kids and other pets, AKC and will come along with all her papers and toys, she will make the best house pet, will bring much love and joy to your home or family. Contact for more if you want to add her to your family.”

Chances are, there will be pictures included.

The rest of the scam goes like this:

1. There are shipping fees to get the puppy to the US (usually a couple of hundred dollars). You will be asked to wire these funds.

2. The seller will inform you they can’t ship the puppy because apparently there are also shots that are required for international travel. You will be asked to wire these funds.

The list goes on. The money flows out. And the dog? It doesn’t exist.

Written By Tina Parcell

The number of page views garnered by fraudulent sites climbed by a factor of five in March and April, fueled by a phishing scheme targeting MySpace users, stated a Google analysis published on Monday.

The attack used a modification to the style sheet of a user’s profile to place a transparent image over the page, causing a click on a link — or anywhere else on the page — to redirect the visitor to a fake MySpace login page, Colin Whittaker of Google’s Anti-Phishing Team, stated on the search giant’s security blog.

“The effectiveness of the attack and the increasing sophistication of the phishing pages, some of which were hosted on botnets and were near perfect duplications of MySpace’s login page, meant that we needed to switch tactics to combat this new threat,” Whittaker stated.

Phishing — using fake e-mail messages and Web pages dressed up with the brand names of trusted corporations — have increasingly been used to trick victims into giving up their valuable information. An e-mail posing as a complaint from the Better Business Bureau has recently been targeting the executives as small- to medium-sized business in a scam designed to shake free usernames and passwords from key corporate personnel. While the current attack spreads virally through MySpace, actual viruses and worms have been created for the social networking site.

“While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack,” Whittaker said. “We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue.”

In mid-April, MySpace changed their server side code to disable bad links in users’ profiles and the traffic to known phishing sites dropped down to its pre-March levels, he stated.

Article from SecurityFocus

We have come to find out that this profile watcher is still on the loose. Do not use any profile watchers or trackers. All they will do is steal you MySpace login information and put a virus or spyware onto your computer. The safest bet is to not add untrusted code to your myspace page. You never know who will try to abuse it.

If you have already downloaded and installed the Profile Watcher, you need to remove it immediately and then change your myspace password.

If you are having trouble removing it then try using a spyware solution or antivirus to run a scan for the remaining program.

Technical Information:
1. COVERT ANALYSIS OF: Profile Watcher

* File Names Used: 8
* Paths Used: 6
* Common File Name: MUBILY08.EXE
* Common Path: %CACHE%\CONTENT.IE5\????????\
* Vendor Information: ZeroPoint Search Solutions
* MUBILY08.EXE may use 8 or more path and file names, these are the most common:
* 1 :%DOCUMENTS%\PORN\PROFILEWATCHER_SETUP.EXE
* 2 :%DOCUMENTS%\PROFILEWATCHER_SETUP.EXE
* 3 :%DOCUMENTS%\PROGRAM DOWNLOADS\PROFILEWATCHER_SETUP.EXE
* 4 :%TEMP%\18ZO19OF.EXE
* 5 :%TEMP%\MUBILY08.EXE
* 6 :%TEMP%\QF0XP27P.EXE
* 7 :%TEMP%\YEGN7HV1.EXE
* 8 :?:\TEMP\6GBWBF4O.EXE
* File Name Structure: Common
* File and Path Structure: Suspicious, code execution from unusual location

2. RELATIONSHIP ANALYSIS OF: Profile Watcher

* No relationship details available for this object

3. ACTIVITY ANALYSIS OF: Profile Watcher

* The following behaviors have been observed for this object:
* Runs temporary programs.
* Runs other programs.

Raiders fans have never been accused of being classy (or smart), so it figures that they would take out their frustrations on the MySpace page of Randy Moss. Most of the language was pretty blue, but pretty much what you would expect to hear in the Black Hole. So this kind of thing was expected. Actually, it would have been an upset if the Raiders fans didn’t react this way.

But what is the best part of all of this? That the Raiders would resort to the tactics typically reserved for teenage girls that have been bashed on the Internet meeting place. Seriously, how old are you guys, 10? Or the fact that the page probably doesn’t belong to Randy Moss at all?

Either way, you have to love those knuckleheads.

California may join Kentucky and Virginia in passing a law that gives the identities of registered sex offenders to social Internet groups such as MySpace.

The proposed legislation is California’s attempt to monitor sex offenders who troll chat rooms looking for young victims.

The plan would require registered sex offenders to report their e-mail addresses and Internet identities to the state which, in turn, would give them to MySpace and other social networks to block participation, the Sacramento Bee reported Monday.

The legislation is similar to proposed federal legislation and to new laws in Kentucky and Virginia.

Supporters call the legislation timely because online chat rooms and social internet groups are wildly popular. MySpace has about 100 million visitors per month, the Bee said.

Critics argue the legislation would infringe upon the free-speech rights of convicts who have not acted suspiciously and that predators easily could change their e-mail or instant message addresses.