Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


A New Phishing Attack on MySpace

Network security provider, 'Netcraft' warns that MySpace has fallen victim of a phishing scam that did not exist earlier. Attackers use a technique of tricking users to reveal passwords through an authentic MySpace account.

Netcraft (netcraft.com), which specializes in analyzing websites, on Thursday October 26 2006, discovered that hackers took command of MySpace (myspace.com), a social networking site, by offering a hoax login form on the main site. The login form dupes the victim to submit his/ her username and password to a distant server in France.

Netcraft has subsequently alerted MySpace of the situation. The fraud login page appears real as it is hosted on MySpace's own servers and does not provide any clue of external content like 'cross-site scripting' or 'open redirects'. Consequently, the attack can trap even those users who maintain security updates.

The attack takes place from a profile page having the username as 'login_home_index_html', and applies 'custom-coded HTML' to conceal the actual MySpace content, displaying the modified login form in its place. When through the process the user account is compromised, it becomes simple to access personal information.

The attack is special because it does not use doubtful techniques such as 'cross-site scripting' to spoof the users. This implies MySpace's automated tools employed to search malicious content may not give the strategic clues.

MySpace profiles have no concern with credit card numbers and bank accounts, being social networking site; however, they can be means to spread malware or to cunningly design even more skilled phishing attacks in the future.
According to Netcraft analyst Rich Miller, on October 27 2006, 'Pacific' exploited the way MySpace arranges URLs to present the false login page an authenticable web address. This scheme could baffle even the more security savvy users.

The attack is new, which indicates another malicious way that phishers are using to fool people into divulging their account details. Sites like MySpace are characteristic of containing database of unlimited usernames. If a user is not sure whether he/ she is on the right login page, they should go to the main address, said a News Corp. spokesperson.

Related article: A New "Blackmailing" Variant Creeps Around…

» SPAMfighter News - 11/1/2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page