[funsec] MySpace Accounts Compromised by Phishers

Gregory Hicks ghicks at cadence.com
Fri Oct 27 15:16:10 CDT 2006


> Date: Fri, 27 Oct 2006 15:52:06 -0400
> From: "Dude VanWinkle" <dudevanwinkle at gmail.com>
> To: "Valdis.Kletnieks at vt.edu" <Valdis.Kletnieks at vt.edu>
> Subject: Re: [funsec] MySpace Accounts Compromised by Phishers
> Cc: funsec at linuxbox.org
> 
> On 10/27/06, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:
> > On Fri, 27 Oct 2006 15:15:58 EDT, Dude VanWinkle said:
> > > On 10/27/06, Fergie <fergdawg at netzero.net> wrote:
> > > > Good question. :-)
> > > >
> > >
> > > a better question is why the hell would you jack a myspace page?
> > >
> > > is there any way to make money off it? What are the incentives?
> >
> > You jack a page, now you have a starting point to feed IE exploits at
> > all the victim's friends when they visit.  You get lucky and nail somebody
> > with 2,349 "friends", that's a lot of leverage.  Especially if part of the
> > thing you shoot them is something to whack *their* Myspace page and go 
viral.
> >
> > High hit rates by people who are likely not security/privacy conscious.
> > What's not to like about it if you're a black hat trying to monetize it? :)

Something else he didn't mention...

The users probably have the same user name and password for MySpace
that they have for other online services.  Thus, capturing those may
give an 'in' to other, more lucrative, prospects.
-------------------------------------------------------------------

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton




More information about the funsec mailing list