Slashdot Mirror


Hackers Target MySpace and Facebook

Stony Stevenson writes "The security firm Fortify Software has warned against a series of attacks against Facebook and MySpace. Buffer overflows that enabled hackers to exploit the Aurigma ActiveX image uploading software used by social networking sites were at the heart of the assault. 'Criminal hackers now view social networking sites as their best target for attacks ... [partially because] such sites are designed to be usable by "unsophisticated" consumers, meaning that the barrier to entry for attacks is potentially lower as users are more likely to click on a link that leads to malware.'"

1 of 93 comments (clear)

  1. Some info and blocking instructions by Anonymous Coward · · Score: -1, Troll

    Lulz[myspace.com] has written a pretty good MySpace blog entry
    [myspace.com] about this, along with some protection and removal instructions if needed(in the
    comments and in my post also). One of this guy's hobbies is exposing
    MySpace scammers. He actually predicted about a week ago that an
    exploit like this would happen. Friend him if you have a MySpace. I
    can't tell who came up with this information first, Lolo or these guys
    but Lolo may have gotten there first. Either way you need to read his
    blog posts if you use MySpace...

    Please note that you can be infected by this virus by simply viewing an infected profile. It doesn't matter what browser you use, I was using Firefox 2.0 with AdBlockPlus and a decent filterset updater and was infected. I DO NOT believe it steals your password without going to the fake login page. So if your profile gets infected you are probably fine simply removing it

    Here's how to prevent it:

            Use the FIND command or CTRL F to find the word LOGIN.

            It starts with this line of code ... I have stripped out the first "

                    style type="text/css"
                    div table td font { display: none }
                    div div table tr td a.navbar, div div table tr td font { display: none } .testnav { position:absolute; top: 136px; left:50%; _top: 146px

            The code was at the very end/bottom of my ABOUT ME section.

            It then continues with an obvious line of code for the menu choices. I stripped out the code and the page is fine ... FOR NOW!

    To truly protect yourself you need to adblock the offending Quicktime object - or better yet all .mov files.