My Space = malware plague conduit !!

Is there any doubt that the lol "social network" sites are a whoppinggreat window for propogation of mals.

If you or yours have connections to these sites: be careful; the dam may have already burst..
http://blogs.zdnet.com/security/?p=1615&tag=nl.e550
http://msmvps.com/blogs/spywaresucks/archive/2008/07/15/1640737.aspx

Got those links from here:
http://www.dslreports.com/forum/r20889415-MySpace-Pushing-Malware-WinAntiVirus-AGAIN
There is a good post there with some analysis of the coding.

tbh, I loathe that false intimacy masquerading as some sort of connection: at best it's sort of fun: at worst full of push advertising, a nest for predators and a cesspit of chicanery.

heheh; I have no friends...

 

I keep trying to tell people Web 2.0 is going to bite us all in the hind quarters, but OH NO, no way are the people I tell going to give up sharing their personal information and their diaries and whatever with the cute guys and girls on the social networking websites....never mind the fact that a good percentage of these "profiles" are faked. And NO WAY is anyone going to stop using online office suites and the like to store data...never mind the fact that those servers can crash just like yours and can be hacked just like yours...only issue is, unlike your servers, you don't know how well protected their servers are, and you can't roll out additional protection when you want/see the need.

To all that I say fine, keep using this crap with the fancy eye candy and the "ease of use". But when you suddenly lose those important presentations that may have helped you get a raise or provided your company with million dollar contracts because your data went bye bye when that online office suite's servers burned up or got breached, when you start finding your personal data being traded on the social networks between 16 year old hackers or a really old scraggly guy with a penchant for "young'uns shows up at your door because your daughter has been talking with this "OMG he's soooo cute and sensitive!" "15 year old mall worker" and they wanted to meet, and everything else that is bad that can happen, don't come crying to me. All you will get is "I told you so".

And just so I can make an on-topic comment....Myspace scares me more than the warez sites as far as malware is concerned.

 

LOL the Register calls My Space :"social netvomit"
and to make it just that little bit more accessable to ALL ;

http://www.theregister.co.uk/2008/08/06/myspace_on_a_cloud/

I know: i'm an old f@rt...

 

You are not alone.

The minute I hear one of my Clients "social networks" I try to explain to them about social engineering and the dangers. They either get the glazed over look of total incomprehension or just do not care.

 

Whatever happened to REAL social networking? You know, bars, malls, office parties? The only viruses you ever got from those were.....wait, nevermind.

 

I've avoided myspace. First, I'm just too damned old and I've read that the place is more dangerous than warez sites these days, and those are bad enough. Myspace would probably be a good place to collect malware for testing though.

 

And the malware said: "It's my space!"

 

Not to mention the new hybrid file types (GIFAR, etc.) that can't be detected yet by security software or the vulnerable applications they exploit , yet will steal your credentials from MySpace, Facebook, (or even Amazon.com) etc. A photo that can steal your Facebook account

 

So is this with advertisements So adblock plus and other adblocking programs will stop this?

 

I despise these sites, especially Facebook. Anyone ever tried going on Facebook with Peerguardian running? Mine flashes like a Christmas tree using IE - Firefox not too bad as I have NoScript blocking everything - with a list of 'bad' addresses and countless advertising trackers. How people voluntarily give up their personal details like phone numbers and addresses and god knows what on these sites is beyond me. Still, their loss I say.

 

I'm actually surprised Facebook makes PG go nuts more than Myspace, maybe things have changed there. When I went to Myspace (very rarely I might add), it looked like I was under a denial of service blitzkrieg.

 

I'm not sure it made it go more than MySpace - my Hosts file blocks MySapce automatically, and reading here I now know why. I've only been on it a couple of times anyway. Thank god for SandboxIE and NoScript and the like I say.

Great phrase

 

Given what I've read...

No, this particular type of attack is not through advertisements.

It works on websites where a user is allowed to upload files. An attacker could upload a file that looks like a picture, but is also really a malicious Java applet.

For example, you see someone's profile that looks interesting. They list their website in their profile. You look at their website (while still logged in). Your credentials are stolen.

Noscript should be able to stop this particular attack. You could also disable Java and that should stop it too.

 

I have noscript already on. I have myspace allowed. Should I block myspace or will it block it automatically based on how noscript blocks java from different sites that are connected to the site your on

 

My SysAdmin at work had to block MySpace's domain because he noticed that was where most of the malware being installed on user's workstations.

 

Funny. My sister is also using mySpace with FF3 and avast! and i haven't noticed anything weird so far...

 

@cheater87

I'm not familiar with the details of this kind of attack (it's concept code at this point), but I would suggest being safe and blocking it.

If blocking MySpace is inconvenient for some reason, you might run a separate browser process if you have to connect to another site while you're still logged into MySpace. This has been recommended before in order to avoid certain kinds of XSS attacks, and is probably good security.

 

Anywhere in inetland where n00b prey gather, you will find predators.
Just like Nature, the watering holes in Africa attract all of the predators.
Myspace is the African equivilant of a watering hole during the dry season.

 

Turning Social Networks Against Users

 

Personally never been there and never will. Theres be wide TV coverages over that My Space site and the FBI and other law enforcements agencies consistently monitor it because of absolute trash and illegal content it pukes out on a regular basis. It's been a windfall for law enforcement conducting investigations of violence and hate crimes posted openly on it and criniminals have openly shared video of their activities on it, making it for me anyway a black plague to avoid for the next million years if it even lasts another year or two.

As far as a conduit for malware, i wouldn't be surprised if it's laced with keyloggers from both sides of the social members in play on it, definitely not my cup of tea.

A site definitely that's left up deliberately for law officials that make for easy tracking and captures of shady dark side types.

There are much better more level-headed sites but this one has gained both popularity and a reputation better avoided IMO.

 

Hello,

You have provided the answer to your own question... if there ever were one.

These sites cater to a specific audience - usually not very computer savvy or security conscious, happy clickers, all in all. So blaming websites for incompetence comes as the best course of action.

I don't very much like these sites for what they are, how they look etc, but in general, they are not much different from oh-so many other sites. A proper choice of the browser makes for 99% hard work.

Mrk