The Free Myspace Viewer - Beware!

|

It's been an interesting few weeks for Myspace - there's been a number of scams and dubious programs making their way across countless user profiles. The "fun" clearly isn't over yet, because check out the latest piece of scammery doing the rounds on everybody's favourite social networking site...


A while ago, there was a particularly nasty scam going around the Myspace network, called the Myspace Adult Content Viewer. If you visited a fake profile, you'd see this gigantic popup appear telling you to download "something" to be able to view the page. Of course, anyone doing so would find their PC hit with various Adware and Spyware bundles.

Well, the creators have decided to mix things up a little, because here we have their latest piece of social engineering (at least, we're assuming it's made by the same people because it follows the methods and techniques used with the Adult Content Viewer, plus the name is almost identical which is a bit of a giveaway) - the "Free Myspace Viewer". Visit a fake profile carrying this thing, and you'll see this appear on your screen. Note how they tell you the content is "securely protected" - because there's nothing like making people think your rogue install is actually some sort of security feature! At this point, depending on the fake profile, you may or may not see this appear when you click the popup. It's an image verification screen - another nice piece of trickery designed to lure inexperienced users in. Before you ask - yes, the code generated really is random every time - it's a fully functional (if slightly pointless) Captcha. Someone's put a little effort into this one.

Eventually, you'll download the application, run it and.... a fake Codec is your reward, of the Zlob variety! Needless to say, you really don't want one of those things installed on your PC, because of the varierty of not-so-wonderful programs they've been known to install. Namely, any one of a number of completely fake "security programs", many of which are listed here.

The domain details for the site the installer downloads from is listed as Ukranian, and the hosts? Estdomains, who (amazingly enough) provide the hosting for many of the programs that can be installed as a result of this hijack.

We know from past experience with these kinds of Myspace hijacks that the payload will often change daily, so you can never quite be sure what you're going to end up with. Do yourself a favour and steer well clear of these things!

Thanks to Burnt Pickle for the tip.

About this Entry

This page contains a single entry by Christopher Boyd published on November 27, 2006 1:49 AM.

IM Security Term of the Week: "Foley'ed"- E-Discovery Day was the previous entry in this blog.

Myspace Phish Attack Leads Users to Zango Content is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.