Gone phishing - at MySpace
p2pnet.net news special: Interesting email from our m8 Korrupt on Gulli over in Germany. He tells p2pnet about phishing activities on Rupert Murdoch’s MySpace, which is touted as a ‘We’re all friends together’ kind of site and which has consequently pulled millions of punters, including hordes of young kids. That’s why it’s so popular with online sexual predators.
But it’s always been primarily an advertising and marketing vehicle and now MySpace has also become popular with hard-core crooks engaged in phishing, a criminal activity whose practitioners, “acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication,” as the Wikipedia sums it up.
“We’ve seen myspace phishing attempts before and all the email scams before relied on sending the user to a myspace-layouted login site where he was asked to login,” says Randolf Jorberg on Gulli, going on that a new scam is threatening the MySpace community and, “this time the bad guys upgraded to web2.0 and took phishing, spamming and viral marketing techniques to create a new dangerous mashup”.
The Gulli post (auf Deutsch, hier) goes on:
You have probably seen the following messages in the myspace comments lately: ‘See who is spying on your MySpace page! Start tracking your profile lurkers!’ or ‘Hey, I can see who looks at my profile! Now you can see everyone who looks at your MySpace page! Click here to start tracking your profile visitors!’
If friends recommend you such a service, you certainly want to check that out. Clicking the linked URL downloadthefox.net redirects you to www.stalkertrack.com/super/ where you are promised a myspace-tool to ‘Track viewers who viewed your page and give you their: Picture, Username, Link to their page, and when (date) they viewed your page!’. Users don’t like to read, so they’ll most likely forget to take note that the site says that the tool is not yet released and they’re not signing up for the service but just entering their myspace login data in a ‘Tracker Promoter Form’. After submitting your login details you’ll not be given any more information, but you just arrive at a page showing you some ads. Stalkertrack will use your Account to comment on all your friends’ pages, so that they do hopefully add their login data.
If you read the fine print you’ll be told the whole truth:
Terms of Use / Privacy Policy:
By filling out this form, you authorize us to spread the word about this 100% real and ONLY working profile viewer. You will receive your share of the credit in helping us launch the tracker. This is a harmless profile tracker site that is coming soon looking to spread the word about our plans!
We do not share your private information with any third parties. We do not “SPAM” people with commercial messages nor do we collect any information to be used outside the scope of this free tell-a-friends promotion! This is not a ‘phishing’ site that attempts to ‘trick’ you into revealing personal information. Everything we do with your information is disclosed here.
…
We may do a combination of the following based on your friends’ interest.
1. Temporarily access your MySpace account for the following purpose(s).
2. Post “tracker information” bulletins in the appropriate section.
3. Comment your friends about this tracker.
4. Introduce new entertaining sites.
This is a free service. You will not be asked to pay at any time.
You will not be subscribed to anything asking for payment.
This service is made possible by many hours of human effort.
Result: There are currently more than 1.4 million myspace-profiles indexed by google that show one of these two messages.
It’s not easy to estimate the number of myspace-accounts stalkertrack.com was able to phish and the curious visitors pushed the site up to an Alexa rank in the Top 5000. The simple nature of this scam is easy to copy so other evil marketers will surely get even more viral ideas for distribution. This is a new threat, that we’ll definitely see in increasing numbers in the future.
Conclusion: Even if they say it isn’t: Stalkertrack will abuse your phished Myspace-Account to spam all your friends profiles with advertisements for their not-yet-working service and other ‘entertaining sites’. If you’ve entered your login at stalkertrack.com, change your password immediately and check your friends comments area, if ‘you’ have already spammed it. Send this link to your friends, if they’ve posted an advert for stalkertrack in your comments area, so that they can stop the people that spam using identity. Myspace will hopefully remove all the Stalkertrack postings and inform the users later, but if you don’t trust myspace, do it yourself.
(Cheers, Korrupt)
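The cleanup the Gulli post recommends, checking a comments area for the Stalkertrack adverts and telling the friends who posted them, can be scripted. This is an added example, not code from p2pnet or Gulli: it matches only the two domains and the lure wording quoted above, while the comment format, account names and function names are assumptions and the sample comments are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains and lure wording come from the article; everything else is constructed.
LURE_DOMAINS = {"downloadthefox.net", "stalkertrack.com"}
LURE_PHRASES = ("see who is spying on your myspace page",
                "start tracking your profile",
                "see who looks at my profile")

class _Comment(HTMLParser):
    """Collect link targets and visible text from one comment body."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def _host(url):
    # Scheme-less links ("downloadthefox.net/x") only parse with a "//" prefix.
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_lure_host(host):
    # The domain itself or a subdomain; "notstalkertrack.com" must not match.
    return any(host == d or host.endswith("." + d) for d in LURE_DOMAINS)

def classify(comment_html):
    """Return the reasons ("link", "phrase") a comment looks like the advert."""
    p = _Comment()
    p.feed(comment_html)
    text = re.sub(r"\s+", " ", " ".join(p.text)).lower()
    reasons = []
    if any(is_lure_host(_host(h)) for h in p.hrefs):
        reasons.append("link")
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("phrase")
    return reasons

def accounts_to_notify(comments):
    """comments: (author, html) pairs -> {author: reasons} for likely phished friends."""
    hits = {}
    for author, html in comments:
        found = classify(html)
        if found:
            hits.setdefault(author, set()).update(found)
    return hits
```

Every account it returns posted the advert, which per the post means its login was probably entered at the tracker form, so those are the friends to warn to change their passwords.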
January 28th, 2007 at 6:20 pm
Read about it here:
http://news.com.com/GoDaddy+pulls+security+site+after+MySpace+complaints/2100-1025_3-6153607.html?tag=xtra
January 28th, 2007 at 6:36 pm
http://p2pnet.net/story/11147