Thursday, December 20, 2007

Phishers Bypass Myspace Link Protection Scheme - Again

After making my morning coffee, I jumped online to check my vitals. I noticed one of my friends is having a birthday today, so I went to send him a quick message. After that it was all downhill.



It started with this message. That isn't your normal everyday message, so I started to dig a bit.



Umm, this isn't good. The photo points to rnyspacelogin.com. The "r" and the "n" play tricks on the human eye, to the point that it almost appears to be a "m" - but it isn't. Also note that the link in the status bar is not being covered by Myspace's Msplinks protection scheme. More on that in a bit. Lets check this phishing site, see if it is still up.



Still up and playing the full Juno movie ad. Nice. Lets find out who and where this page is being served.





That is right boys and girls, China - just in case you couldn't have guessed from the post title. Lets look at that photo embedded in the original message. Why isn't it being covered by Msplinks?



Ok, it is hosted at Imageshack, so lets found that in the source of the page.



Very strange, yet very similar to other bypass tricks that I have reported before. They are using strange (yet valid) anchor / image herf tags to get around the filters.

Now to fill that lame form out on Myspace to report this.....

1 comment:

  1. thanks teezy, you're so helpful! But, always be careful if you see Mavericks logo's behind people's pictures. They're either not real or they are idiots! lol
    love liz

    ReplyDelete