Myspace: March 2009 Archives

As mentioned in this post, this is a program we originally came across way back in July 2008 via a tipoff from an anonymous source. At first, we were a little puzzled as to its purpose and our anonymous source vanished into the ether so no additional information was forthcoming.

All we knew was that it allowed us to browse nothing but Myspace. Specifically, Myspace Groups. When the browser was opened up on the desktop, it would automatically take you to a random Myspace group with no way to enter a different URL, and the display simply showed "previous URL" and "Group ID" in the middle, with a collection of buttons to the left.

"Previous", "Next", "Topics" and "Lottery".

Here is the "Lottery Browser" in action. Note that the browser in its default :

fullbrowser.gif
Click to Enlarge

After a little playing around, we noticed that continually hitting the "Lottery" button would (naturally enough) take you to a different group. Depending on how the groups were set up, some were openly accessible, and some displayed "This is a private group".

However, it's the private groups that were of interest where this browser tool was concerned.

If you hit the "Topics" button and the group had no content in it, you'd see the following popup:

notopics.jpg

If you came across a private group that had posts in it and hit "Topics", this is what you'd see instead:

lott3.gif
Click to Enlarge


All of your private topics are belong to us.

Now, I should stress - in testing, this browser rarely worked. More often than not, it would crash, hang, set the monitor on fire and burn down the house, those kinds of things. However, the potential for data theft (depending on the foolish things people post in "secret" groups"), information harvesting, harassment and plain old creepy voyeurism was still a risk where this "Lottery Browser" was concerned.

We don't know where it came from, and it seemed to die a death shortly afterwards. I'd have thought something like this would have spread like wildfire on the underground circuit, but it vanished almost as quickly as our mysterious tipster.

I suppose we should be thankful...
For a long time, I've been fascinated by what I like to call the "Rogue web browser" - a web browser that abuses the trust we place in our gateway to the web, and subverts its use for something more sinister. Here's a brief potted history of the known examples:

Yapbrowser, April 2006: A web browser that didn't force install, asked permission and displayed a EULA. Unfortunately, it also took you to a webpage pushing hardcore child pornography when you typed in any address into the web-browser.

Safety Browser, May 2006: A web browser that installed without permission via IM, looped a soundfile on your desktop, served you ads via geolocational technology and made your PC more unsafe than it was previously by allowing popups by default.

Browsezilla, June 2006: Allegedly inflated the hitcount of pornographic websites by opening up those pages in a way that the end user couldn't see the pages being opened, linked to sites launching the WMF exploit.

NetBrowserPro, March 2007: Pushed fake media codes, installed a rootkit, preyed on trusted brands.

Well, it's been a while but later on we'll be covering another addition to the list. We actually came across this last July, but as we said here, we didn't go into specifics because

1) We wanted to give Myspace some time to address the problem, which they seem to have done.

2) We didn't want lots of crazy people to go hunting for the program being used, given that Myspace sometimes takes a little while to tackle security issues brought to their attention and

3) Nothing tried to exploit your PC or steal your data, or we'd have released more information sooner. The solution to the problem caused by the program was simply to not post any personal or potentially "sensitive" information to private Myspace groups - if you weren't doing that (and you shouldn't be anyway!) then you had nothing to worry about.

4) The program itself was rather buggy, and had an extremely low rate of success. After exhaustive testing, we only saw it do what it was supposed to do twice. No sense in causing a panic.

At any rate, it's been eight months and the program doesn't appear to work at all now. With that in mind, we'll take a peek a little later on...

Pages

About this Archive

This page is a archive of entries in the Myspace category from March 2009.

Myspace: February 2009 is the previous archive.

Myspace: May 2009 is the next archive.

Find recent content on the main index or look in the archives to find all content.