Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Phishing Attack Leads Users to Zango Adware

Posted by CowboyNeal on from the movies-that-add-something dept.

An anonymous reader writes "Security site Spywareguide.com reports that a new worm is doing the rounds on MySpace. Taking advantage of the HREF feature in Quicktime movies, a fake login bar is displayed on infected users profiles via some JavaScript coding. If you login (via one of the many hacked servers hosting the JavaScript and movie file) you'll find you start spamming messages containing a pornographic movie. That movie leads to a site that's pushing Zango Adware left, right and center. Is this more evidence that Zango has yet to clean up their affiliate networks?"

2 of 95 comments (clear)

  1. Re:Sigh by Anne+Thwacks · · Score: 2, Interesting
    There are two reliable methods by whch all spamming, phishing, etc could be stopped for good:

    (1) Use of cruise missiles against the perpetrators

    (2)the same what that on-line gambling was stopped - action against the credit card companies.

    All this stuff is for monitary reward - read "credit card transactions". No Credit card involvement means no problem.

    And dont come with that "its the foreigners doing it" Who ever is doing it, its Americans paying, with American credit cards and banks. None of the stuff being pushed thro spam is physically available to anyone else. All the phishing is to take credit card details, and all the credit cards are American.

    As been said time and time again .... Follow the MONEY

    --
    Sent from my ASR33 using ASCII
  2. Re:[Slightly OT] Phishing -- a partial solution by ArizonaJer · · Score: 2, Interesting
    One concern I'd have is: What if the PwdHash project dies and their site goes offline permanently? And let's presume that the extension is also no longer available, or just that you're using a computer without it. As I understand it, the user would then have no way of generating or even knowing what his/her passwords are.

    In this situation, you'd have to reset all your passwords, but even that would be tricky because many sites demand your old password before you set a new one.

    I suppose one could use the PwdHash site's form to generate all one's hashed passwords and then store them locally in an encrypted file. But I thought one purpose of PwdHash was to make password management easier, not harder.

    --
    Jeremy Butler
    www.ScreenSite.org
    www.TVCrit.com