Phishers Return To MySpace
Security researchers are warning Internet surfers to be wary of MySpace phishing sites that try to outwit the anti-spam solutions of the popular online community. A number of spurious MySpace web pages are scattered over the Internet. Like in all other online crime, this one too has profit as the prime motive.
Computer and Internet security software developer McAfee Inc., said it found many sites this week that were exact duplicates of first page of MySpace.com. People unable to recognize them are signing in with their usernames and passwords.
Since no sensitive information like credit card or bank account particulars are saved in the users' accounts, what could the phishers be seeking, wondered researcher Kevin McGhee in a posting on the McAfee Avert Labs blog on February 19, 2007.
McGhee continued that after surveying the topic he understood that spammers were recording the MySpace users' account details to post spam messages in people's accounts. While MySpace could be aware of this problem, it couldn't close down legitimate user accounts. Had these been new registered accounts, which spammers acquire to send out spam, MySpace could have taken action.
It is not the first time that MySpace encountered this kind of fraud. In January 2007, MySpace filed a suit against a Colorado man accusing him for stealing passwords to log into those accounts to send spam mails. The man had been one among the then top three spammers.
According to McGhee's research, infected versions of music files containing a payload could replace the original files. Music files are the most common profiles of MySpace. The payload could be a bot or a keylogger each working as an instant threat to users of the captured PCs.
An attacker of MySpace.com could use information stored in a user's MySpace profile to obtain access to accounts on other sites and read content from there as often people use the same password for multiple sites.
MySpace has cautioned users to change their passwords if they come across bulletins or messages on the website, they did not ask for. They should also be alert to keep their account information secret.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 02-03-2007