Yesterday, a metric ton of MySpace accounts were infected with yet another worm. As I predicted ten days ago, it was accomplished via a QuickTime embed. Visiting the profile of anyone infected would cause the navigation links across the top of your profile (Home | Browse | Search | Invite | etc…) to be replaced by fake navigation links which all linked to a spoof MySpace login page via some basic CSS and HTML added to your “About Me” section. And, the QuickTime embed was added to one of your “Interests” sections to further propagate this worm / phishing attack. At a glance, this looked like nothing more than that: a worm being used to phish MySpace passwords.

continue reading "MySpace Worm: Phishing Accounts and Spreading Zango Porn"

After getting hit with the Flying Spaghetti Monster Worm (NSFW-ish link), 9/11 Worm, and approximately a gazillion billion members were infected with adware by downloading some garbage after being auto-redirected to fake MySpace IM & Porn Sites; MySpace implemented their Flash 9 security update in July. Sure, this was a major blow to the legit companies who feed the MySpace beast with widgets, but at least it slowed down the MySpace-to-SpamSpace morph. Since that time, MySpace has been hit by a number of small worms that employed Javascript workarounds, but those only required small patches to send them the way of the dinosaurs.

Now, spammers have found a new best friend: QuickTime Embeds that auto-redirect to the url of their choosing. This morning I logged into my MySpace and saw the following bulletin:

Title:
OMG!! UNLIMITED ringtones for ur phone!!!d0244

Body:
This site is a fukin ringtone GOLDMINE!!! I have no idea how they get away with this!!! Click on the link below to check it out!

http://profile.myspace.com/(url-truncated)&friendid=2a690aa49d

—
The bulletin was not posted by the owner of the account which it was sent from. The spammer posted it from his account after phishing him.

continue reading "QuickTime Embeds: MySpace Spammers New Best Friend"

A few weeks back I read this blog entry “Analyzing 20,000 MySpace Passwords” after seeing it on the homepage of Digg. The information presented is neat in that “I’m a nerd so I find this interesting” kinda way, but it didn’t reveal all that much. After being sent the url of a spoof MySpace log-in page, I checked the root and sure enough over 26,000 e-mail addresses and MySpace passwords were sitting there in a text file.

I sent the file over to my buddy Rabbit who aside from being a Sidekick 3 guru can toss together php scripts with ease. I asked him to run similar reports on the info as the other guy had done with his list of 20,000 passwords. After getting that knocked out, he wrote a little data scraping script to get demographic information on the phished accounts via the MySpace search for user by e-mail address function. Whenever you search for someone via e-mail you get some basic info along with a link to their MySpace profile: gender, age, sexual orientation, etc. Search Example

continue reading "Demographic Info From 26,000 Phished MySpace Accounts"

I started to write a little blog entry to go with this video, but it’s pretty self explanatory. MySpace; just like the rest of the internet, is infested with child predators who are constantly trolling for innocence. Here’s one that has been sending videos and pictures of himself to what he believes are 14-year-old girls.

How’s that for a first blog post? lolz

Update: Since posting this video nearly 24 hours ago it has climbed into YouTube’s Top 100 for the day. It was at 99 for a bit, but moved up to 85 just a few minutes ago. Links to this post have been sent to Chip’s workplace, some news outlets (local to him and national), etc…

Could someone stick a fork in this guy? I think he’s done.

Update 2: 12pm here and I didn’t sleep last night. :-/
Just got my first call from a reporter though. Rick from the Star-Ledger in Jersey is doing a piece on this.

And, Steve Huff over at True Crime Magazine posted this blog entry after interviewing someone who worked with Chip in the past. It’s an interesting read to say the least.

Update 3: Just made the front page over at Digg.com. Sorry about the downtime I had for a few minutes. Note to self: Install cache plug-in on new WordPress blog before landing on Digg’s homepage.

Update 4: Over the weekend, John Powers of Action Report tracked down Chip and showed up at his house with a video camera in hand trying to get a statement from him. A blog entry about that can be found here.

Update 5: Looks like our buddy Chip lost his job over at Air America. John Powers has had that scoop and the transcript of a phone conversation with Chip in his case notes (no longer online).