Harmful Codes are Spreading through Myspace

As per the news by Securitypark.co.uk on July 17, 2007, several harmful codes are distributed through the pages of MySpace. Although these pages are not created for spreading deadly codes, but they have been specially modified by changing some design flaw without any prior permission of the user.

A majority of these harmful codes are Trojan horses, such as FireByPass.BA, that leaks out the private data stored in the system by the user. This and other kind of Trojan horses found in the social networking site make use of the techniques of rootkit to conceal their processes that makes them all the more dangerous.

Luis Corrons, Technical director of PandaLabs, said that the cyber criminals want their technique to be distributed as much as possible and that is why they choose the networks, which can lure several Internet users to spread their creations, as published by Help-Net Security in the first week of July.

Interestingly, this isn't the first case of exploitation of MySpace for spreading harmful codes. The initial strike against social networking sites began in 2005, when a user of MySpace designed a worm, which was detected by PandaLabs and named as MySpace.A. The worm allowed the entry of millions on the contact list.

In 2006, another worm attacked MySpace in a semi-automatic way. This time, the MySpace worm took the help of Apple's QuickTime movie's HREF Track feature and MySpace's XSS flaw to successfully spread and implement its deadly tasks.

Not only this, the worm brought changes in the profile headers that displays the group's tabs or forum tabs etc. Because of that, all of the headers pointed towards a fake site. That was a disguised version MySpace's official Website for pilfering passwords and user names. This spam has also send spam on a huge scale to all contacts of exploited users.

The researchers of Internet Storm Centre have cautioned the users that drive-by exploits have been implanted in a few genuine MySpace pages.

According to the news by Informationweek.com in the last week of June 2007, chief technology officer with the Internet Storm Centre, Johannes Ullrich, said that generally people trust the site of MySpace and don't disable anything from it. No doubt the site of MySpace is trustworthy, but the material built by the users are not.

Related article: Harmful spam increased by eight times in Q3

» SPAMfighter News - 7/26/2007