Malicious code distributed through MySpace
Most of these malicious codes are Trojans, like the dangerous FireByPass.BA, which captures confidential information entered or saved by users on computers. This and other Trojans found in MySpace use rootkit techniques to hide their processes, which makes them even more dangerous.
This is not the first time that MySpace has been used to spread malicious codes. The first attack against social networks started in 2005, when a MySpace user created a worm (MySpace.A) that allowed them to add a million entries to their contact list. This was, however, a low-danger infection.
The first attempt at causing a serious infection through MySpace took place towards the end of 2006, when a worm was created that used the network’s user profiles to spread. The worm infected everybody that visited a certain user profile.
Around that time, an advertising banner in MySpace exploited a Windows Metafile vulnerability to infect over a million users with spyware. Some days later, a worm was discovered at MySpace that inserted Java script in user profiles. When somebody tried to visit some of those profiles, they were redirected to a web page that blamed the U.S. government for the 9-11 attacks.
However, the most serious case took place at the end of 2006. The attackers exploited a feature of Apple’s QuickTime player to spread a worm in files that tried to pass themselves off as movies. Users that tried to view them became infected. In addition, the worm modified profile headers (which display the groups tab, forums tab, etc.) so that all of them pointed to a fraudulent website. This was a spoofed version of MySpace’s official site for stealing user names and passwords. This worm was also designed to send spam massively to all the contacts of infected users.
"Cyber-crooks want to distribute their creations to as many users as possible. That’s why they use networks that attract millions of Internet users around the world to spread their creations," explained Luis Corrons, Technical Director of PandaLabs.
Print version | 
Email to a friend | 
View other articles
Latest IT, computer and network security articles
India and Russia are the biggest producers of viruses
Misconfigured networks are the easiest IT resource hackers exploit
The Return of Ransomware and Do-it-Yourself Botnets
Atos Origin secures and manages the IT systems for Singapore 2010 Youth Olympic Games
Djigzo partners with Comodo to provide email encryption and authentication solution
Data protection laws are too relaxed and require revision
The challenge of protecting multiple and increasingly disparate end user environments
Quantix partners with Signify to offer two-factor authentication in its cloud environment
...[view more IT, computer and network security articles]...
Other IT, computer and network security Resources
Security websites for specific products:
Access control and RFID systems - Burglar alarm, intruder alarm and fire alarm systems - Biometric recognition and identification systems - CCTV cameras and systems - IT, computer and network security systems - Health and safety - Security guard services - Surveillance and remote monitoring systems
Security websites for specific markets:
Bank and financial security - Corporate security - School and education security - Sport event and live venue security - Healthcare and hospital security - Hotel restaurant and casino security - Industrial and manufacturing security - Infrastructure and Utilities security - Home and personal security - Public sector security - Retail security - Small Business security - Transport security
