Tuesday, May 16, 2006

Myspace Phishing Attacks on the Rise

Phishing attacks against the very popular social networking website Myspace are on the rise.

Newest one discovered - http://www[dot]myspacealbum[dot]com/.login/index.html

The abuse contact at the domain has been alerted by e-mail.

This URL was passed around in a bulletin titled "CHECK OUT these old school pictures...". The bulletin was posted by a friend without his knowledge.

Malware or some type of script injection attack might be the bulletin posting vector.

But if they can send bulletins as you without your knowledge, then they can install a bank-info-stealing trojan via an IE vulnerability. The malware or attack script could alter your profile enough that all visitors (your friends) get attacked via drive-by install.

Within the past week, another bulletin about "party pictures" was used to spread another phishing URL.

Perhaps Myspace should use some of those ad dollars and think about getting a security@myspace email account working ;)

The collected e-mails and passwords could be used to collect more important information. Tons of people use the same password across multiple sites.

Let's just hope that most of the younger people don't have PayPal accounts ;)

As these social network groups grow, they are now in the crosshairs to become a future attack vector.

Malware distributors can operate hidden behind the cloak of "fun harmless social interaction" and take advantage of client-side vulnerabilities via script injection - Myspace worm ring a bell?

