Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
SpywareGuide powered by FaceTime Security Labs
Search SpywareGuide Greynets Database & Site
Security Email Alerts & Updates
Search the Blog
Recent Posts
Monthly Blog Archives
Subscribe to this blog's feed
About the Blog
About SpywareGuide Greynets Blog
Link to Us
Link to SpywareGuide.com

« New Myspace Feature Gives Green Light To Spammers | Main | Do It Yourself Phishing for Social Networks And Webmail »

  • Myspace Fake Profile Spammers: This Is How They Do It

A few weeks ago, we covered Spammers running riot on Myspace pushing ringtones and dating profiles. Have you ever wondered how Spammers go about their daily business? If so, you're in luck because it seems likely that we've pieced together the tools (and domains) used for this very wave of fake profiles.

It all started with a domain I'd been looking at for a few days, which touted a "Myspace Directory" containing numerous text files named after various sections on the typical Myspace profile - "Gender", "Interests", "Heroes" and "Movies", to name but a few:

Click to Enlarge

Here's a Birthday file:


Here's a list of names:

Click to Enlarge

Here's the name for the spam profile itself:


And, more tellingly, here's an image file - the profile picture for the spam account:


Look familiar?

It doesn't take long to figure out that these different text files are values the Spammers use to populate their fake profiles. But how do they get that data into the fake profiles in the first place?

It all begins with a domain that (for some unknown reason) was left with the Spamming tools sitting on the frontpage of the site:


Thanks to a tip from my pal LoLo, I was able to grab the files and take a look inside. The domain hosting these files changes its content on a regular basis. Sometimes it serves you geotargetted adverts, other times it'll hand you an ad for a dating page (the picture of the girl with the laptop has been used on the majority of more recent spam that appears to come from the same group):

Click to Enlarge

And (thanks to the magic of Google cache) we can even see the domain hosting a fake Myspace page:

Click to Enlarge

The example above is overlaid with a redirect that takes you to more targeted adverts. For what it's worth, this particular kind of spam profile has been on Myspace since at least June 2007.

If we take a look inside the first zipfile, we see the following collection of files and folders:

Click to Enlarge

Exploring those folders a little deeper (and faced with numerous .cs files), renaming some of them to .txt files....


....allows you to take a peek inside:


Once again, we see references to the most common categories on a Myspace profile. As you're about to see, this is hardly a coincidence. From the second zipfile:


"Myspace program.exe"? Shall we take a look inside the program before we fire it up?

Click to Enlarge

Well, would you look at that. Not only is the domain with the "Myspace" folder referenced in the code, but (more importantly) all of the individual .txt files that relate to "Birthday", "Books", "Movies", "Interests", "Heroes"....they're all there. Shall we put it all together?


This is the tool that apparently makes it all happen. Note the entry box in the bottom right corner - from what we can gather, you enter the profile name you'd like for your Spam profile and hit Start - at which point, it checks out the information provided in the .txt files sitting on the domain, before attempting to contact another part of that website that allows it to create the spam profile on Myspace. At time of writing, the program doesn't seem to work due to a page missing on the domain hosting the spam profile information. Of course, they could bring the page back at any time, but for now, Myspace seems like it may be spared from more fake profiles selling ringtones, dating ads and free iPods.

For a couple of minutes, at least....

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: Chris Mannon, FSL Senior Threat Researcher

  • TrackBack

TrackBack URL for this entry:

Listed below are links to weblogs that reference Myspace Fake Profile Spammers: This Is How They Do It:

» map from http://mapsaccess.info
most luxurious map. [Read More]

» Tramadol. from Tramadol.
Tramadol. [Read More]

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide JapanJapanese

© Copyright 2006, FaceTime Communications, Inc. All rights reserved.