Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Accounts Compromised By Phishers

Posted by ryuzaki0 on from the even-the-wary-beware dept.

An anonymous reader writes, "Netcraft has discovered that the social networking site MySpace appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form submits the victim's username and password to a remote server hosted in France." From the article: "The hackers have engineered a fake login form on MySpace's own web site. Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace's own servers and does not exhibit any signs of external content, such as cross-site scripting or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form." This Washington Post story from a few months back explains what's in it for the phishers.

4 of 86 comments (clear)

  1. Finally by 1310nm · · Score: 3, Funny

    Keep up the good work, phishers!

    The secrets of apathetic teens will soon be aired for the world to view!

  2. You can view the horrible phishing status for free by Anonymous Coward · · Score: 4, Interesting

    OpenDNS people started http://phishtank.com/ service which is completely community based, as you can actually see the phishes and verify them, I have seen some amazing stuff around. Compromised servers having SSL certificate which are abused in phishing operation, some pages having fake addressbar on top and most important of all, USA based banks are being phished from USA cable modem subscriber (haxored) and nothing done against it for days.

    BTW as it is free to use, SURBL added it, now the stuff which you verify actually helps to people using that free list.

  3. NOT on Myspace's MAIN PAGE by kihjin · · Score: 4, Informative

    FTA:

    The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form.

    Netcraft says this is still live on Myspace's main page. I've looked at the HTML source for both the main page, and that special login page you get when you try to access a portion of the site that requires you to log in. On both pages, I located the form element which controls the login. The method is POST, and the action redirects to a script under the "login.myspace.com" domain.

    So the summary and the article itself is slightly misleading (at first) by implying (perhaps unintentionally) that the phishing attempt is coming directly from Myspace's main page.

    --
    This slashdot-related signature is a stub. You can help kihjin by expanding it.
  4. Re:Not quite. by Fred_A · · Score: 3, Funny
    Almost 41% of MySpacers are aged 35 to 54 - a big increase since last year.
    So it's TheirSpace now ?
    --

    May contain traces of nut.
    Made from the freshest electrons.