A few weeks back I posted this blog entry predicting that QuickTime embeds would be used for upcoming MySpace worms and other evilness. Sure enough, ten days later I broke the story of the latest worm to hit MySpace. After my buddy PaperGhost wrote about it on his personal and company blogs it exploded all over the interwebz.
The cleanup process has been laughable at best so far. Brian Krebs over at the Washington Post slammed Apple and MySpace for the “yes, we is be retarded” move of having MySpace distribute a patch for QuickTime. And, MySpace has been playing the blame game by insinuating that Apple is at fault for the worm.
Yesterday, a metric ton of MySpace accounts were infected with yet another worm. As I predicted ten days ago, it was accomplished via a QuickTime embed. Visiting the profile of anyone infected would cause the navigation links across the top of your profile (Home | Browse | Search | Invite | etc…) to be replaced by fake navigation links which all linked to a spoof MySpace login page via some basic CSS and HTML added to your “About Me” section. And, the QuickTime embed was added to one of your “Interests” sections to further propagate this worm / phishing attack. At a glance, this looked like nothing more than that: a worm being used to phish MySpace passwords.
Now, spammers have found a new best friend: QuickTime Embeds that auto-redirect to the url of their choosing. This morning I logged into my MySpace and saw the following bulletin:
Title:
OMG!! UNLIMITED ringtones for ur phone!!!d0244
Body:
This site is a fukin ringtone GOLDMINE!!! I have no idea how they get away with this!!! Click on the link below to check it out!
A few weeks back I read this blog entry “Analyzing 20,000 MySpace Passwords” after seeing it on the homepage of Digg. The information presented is neat in that “I’m a nerd so I find this interesting” kinda way, but it didn’t reveal all that much. After being sent the url of a spoof MySpace log-in page, I checked the root and sure enough over 26,000 e-mail addresses and MySpace passwords were sitting there in a text file.
I sent the file over to my buddy Rabbit who aside from being a Sidekick 3 guru can toss together php scripts with ease. I asked him to run similar reports on the info as the other guy had done with his list of 20,000 passwords. After getting that knocked out, he wrote a little data scraping script to get demographic information on the phished accounts via the MySpace search for user by e-mail address function. Whenever you search for someone via e-mail you get some basic info along with a link to their MySpace profile: gender, age, sexual orientation, etc. Search Example
I started to write a little blog entry to go with this video, but it’s pretty self explanatory. MySpace; just like the rest of the internet, is infested with child predators who are constantly trolling for innocence. Here’s one that has been sending videos and pictures of himself to what he believes are 14-year-old girls.
If YouTube is down, this video is also on Google Video.
How’s that for a first blog post? lolz
Update: Since posting this video nearly 24 hours ago it has climbed into YouTube’s Top 100 for the day. It was at 99 for a bit, but moved up to 85 just a few minutes ago. Links to this post have been sent to Chip’s workplace, some news outlets (local to him and national), etc…
Could someone stick a fork in this guy? I think he’s done.
Update 2: 12pm here and I didn’t sleep last night. :-/
Just got my first call from a reporter though. Rick from the Star-Ledger in Jersey is doing a piece on this.
And, Steve Huff over at True Crime Magazine posted this blog entry after interviewing someone who worked with Chip in the past. It’s an interesting read to say the least.
Update 3: Just made the front page over at Digg.com. Sorry about the downtime I had for a few minutes. Note to self: Install cache plug-in on new WordPress blog before landing on Digg’s homepage.
Update 4: Over the weekend, John Powers of Action Report tracked down Chip and showed up at his house with a video camera in hand trying to get a statement from him. A blog entry about that can be found here.
Update 5: Looks like our buddy Chip lost his job over at Air America. John Powers has had that scoop and the transcript of a phone conversation with Chip in his case notes (no longer online).