Click her Booty and Win Free Stolen Account!

We’ve seen this phishing attempt many times, but here is another one using MyspaceTV screenshots that can lure an unsuspecting victim to a phishing website that looks exactly like a login page.

When a user clicks on the image they are redirected to”myispaceverify” domain.

As such, we always recommend not to click on pictures and links sent through messages and comments.

This link was not caught by the Msplinks filter yet so this may prove that Msplinks takes a while to catch every comment or they figured out a way to bypass the filter, but lets not jump to any conclusions yet.

The hyperlink :

(http)myispaceverify(dot)com/index.cfmfuseaction=

login.process&MyToken-wed2c1crexf3-2af0-21-ac41-f7545c34f5c32.htm

Click for Larger

April 2008 Error Message

The bug has resurfaced if you have attempted to make an underage screen name, or if you repeatedly try to create screen names.

For now you can workaround this bug by either creating a screen name from another website, or changing your IP address, or waiting 48 hours before attempting to make a screen name again. There has been no official announcement from AOL, but according to recent site activity, it seems AOL may attempt to fix it. You can still proceed to create your account at AOL.COM instead until its fixed.

Alternate Websites To Create an AIM Screen Name

• AOL.COM
• AIM Canada
• AIM UK
• MY AOL
• AIM Alternative

October 7th Error Message

This version of the bug no longer applies, but it will be left up just in case. Users have reported issues when creating an AIM screen name. Some users who are creating an AIM screen name are greeted with the following error message.

“The service you are trying to reach is temporarily unavailable – please try your requestagain. – 25006″

If you are greeted with this message, it is total ignorance on your part to have your screen name stolen and the loss or suspension of your account. Here’s why:

EZINBuyankina reports that anyone who creates a password that involves any part of their screen name, AOL will mistakenly display that error message. It should actually say that you may not use any part of your screen name as your password.

Here is an example:

Sn: Totallybritneygi

Pw: britney

Since britney is seen in totallybritneygi, you should expect to see the error message. If your using passwords that are easy to figure out, your very likely to get your account stolen and suspended. AOL won’t even help you if your account is stolen so you might as well take the precaution now to create a hard to guess security question [that someone can't ask you] and a hard to guess password.

You can read more of the thread [here]

This works on any cellphone carrier in the U.S as long as you have a mobile web browser also known as WAP. For now, photos are not showing up for some reason, maybe its a bit too early?

Some people might not like the screen name colors in Aim 6, and may want it to be red and blue, or blue and green. Here’s a quick guide on how to change the colors of your screen name and to change the colors of other people’s screen name.

To change Your Screen Name colors in Aim 6

Navigate to the directory below. Depending on your Version of Aim. If you can’t find it, upgrade to the latest version of aim at aim.com

Please note that # represents your AIM version. You must manually locate this directory through Windows Explorer. Simply copying and pasting the path below will not work. The path below applies to any Aim 6 version, including Aim 6.8 and Aim 6.9.

C:\Program Files\AIM6\services\
imApp\ver6_#_#_#\content\im\default.css

• Open the default.css file in C:\windows\notepad.exe
• Scroll down to .localname
• Next You will have to Find an HTML Color Value to input.
• Visit Colors, and select a color.
• Notice the 6 digit code combination at the top.
• This Code is what you will type under local name.

.localName {

font:12px Arial;

color:#D73306;

}

• Highlight over the Color Code. In this example it is #D73306
• Type the Color Code from the Website that you chose.
• Put a ‘#’ before the code and make sure there is a ‘;’ after your code

.localName {

font:12px Arial;

color:#000000;

}

• Press File > Save

To Change the Screen Name Color of the person you IM.

In default.css find any .remote name

.remoteName0 {

font:12px Arial;

color:#0F0595;

}

• Change the color by inserting a color value just like you did above.

Other .remoteName deal with the color of screen names in chatrooms. You can change any of these screen name colors the same way you did before. These colors will be given to people at random so do not expect to see much changes unless you drastically changed them all.

I’ve noticed a few Google searches here and there relate to myspace viruses and information about it. I still see that people still comment on fake profiles but aren’t sure if its real or not. So here’s a handy guide to figure out which ones are fake, you should look for all things below not just one particular category.

Look at their Details

Yes, you should look at it, if their sexual orientation, hometown, religion, and ethnicity is missing, they are likely to be a fake profile. View the example below:

Most of the time Status, and Zodiac Sign is shown, the rest are always missing. This is just a ploy to make themselves look more "bisexual" so they can attract a wider audience of people.

Blogs about Money or Cams

Usually they have one blog entry. They will talk about how they made so much easy money from a free website. "You’ll Laugh When I tell you how I make hundreds a week typing at home." HAHAHA! Yes! Go to their website where they’ll steal your identity! LOL! Watch out for these scammers and their quick money schemes.

Thanks for the ADD, but Who are you?

Often times a fellow falls victim to a sexy hot lady who really is just a computer program telling you to visit their website. Check the comments section, read through them and check for the following;

–Thanks for the Add
Check if the majority of comments are thanking them for the Adds. If you see these too often, they are fake profiles. You should also look for conversations, if you see a person talking about what they did yesterday and a flow of communication is going on, that means they might be legit profiles.

–Macy Cards, Gift Cards, Money Making, Ringtones..
If the majority of comments are about how they got cool gift cards from Macy’s or all these cool ringtones they get from such and such website, these profiles are usually victims of spams or spammers themselves. I mean after seeing so much spam on your myspace page, wouldn’t you delete them?

Spammer Catch Phrases

Poor Keri, she just recently had amnesia and she keeps giving out the wrong links.

Spammers Catch Phrases – DELETE THESE PEOPLE FROM YOUR PROFILE –

Oh my fault I must have gave you the wrong link then. The people I use make make money should be here(click here).  
(46,500 PROFILES SPAMMED)

Hey hun, How have you been doing? NAME told me to let you know about this if you need some extra cash.
(23,300 PROFILES SPAMMED)

I’m flippin’ out from all the free giftcards.
(153,000 PROFILES SPAMMED)

Wow I totally got my second free giftcard for Macys  today in the mail, I cant believe the store salesman  was telling the truth about this site!
(52,500 PROFILES SPAMMED)

See Who is Spying on your Myspace Page.
(Over 455,000 PROFILES SPAMMED)

These numbers are pretty large, maybe if we can catch all the phrases we can come up with an estimate on what percantage of myspace users have been phished.

Can you guess how many profiles this guy has?

There are simple ways to avoid your myspace from getting phished.

3. You Didn’t Update Quicktime.
Can’t stress this enough. Please for the LOVE of GOD update Quicktime now. Yes it will install iTunes, but you don’t need to worry about that program ever unless your trying to buy music from Apple.

Why Should I?
Quicktime has a feature where it can redirect you to any website. So with that in mind, anyone can create a quicktime movie and redirect you to a page out there meant to steal a password. They can also redirect you to a malicious page meant to automatically send spam links to everyone on your friends list. If you want to avoid these things, upgrade quicktime.

2. You Didn’t Update Adobe Flash
Guess What? Old versions of Adobe Flash have the same problem just like Quicktime. It can redirect you to any webpage it wants to. Go to Adobe right now and upgrade your flash player.  

Why Should I?
Because older versions of Adobe Flash can be the gateway towards malicious cross scripting attacks. These can basically take over your profile and send spam links to all your friends.

1. You click on Links in Bulletins, Comments, and Mail.
This is the number one reason why accounts get phished or compromised. When you click a link for that free camera, or free ringtone, or free crap, you can end up to any website that intends to steal your myspace password. You also run the risk of ending up at a site that sends out spam. Don’t trust every link you see, even if its your best friend in the whole wide world. Now Myspace is capturing every link sent from comments and adding a msplinks.com to them. Msplinks.com is a way for myspace to turn off outgoing links so that they can protect you from going to sites known for spamming and viruses. Its a little bit 1984ish but its good enough to protect you in the end.

Extra Tips:
Don’t login to myspace from another computer, such as ones from school.

Are hackers even trying anymore? Its getting even more blatantly obvious that your about to download a trojan. One of the biggest mistakes this one made is that it shows a pornographic image right on the myspace page. So basically this means they are too lazy to make their pages look legit and are trying desperately to get a few guys to click install. Now how long will this profile last with such a TOSable image sticking its booty straight at you. Anyways lets take a look shall we.

The image states "Unable to Run Video" "CLICK HERE TO INSTALL SEX VIEWER" and a woman’s Trap right inside a picture of the Myspace Video Player. Once you click the image you are redirected from the installer page to download MyInstaller.exe, then from there you are presented with a trojan using the Nullsoft installer engine. Thats as far as I can go. To keep things clean here on THIS blog the naughty bits have been removed.

TONIGHT WE DINE IN Long Term Relationships
 = Full Version Here =

Well its nothing new to say that Myspace has spam, but a new company believes its so funny to send spam in a different way, User Interaction. Yes it seems apparently this isn’t the leet hax0rz xss script that sends out spam once you click. Nope…. This is a site that wants you to input your username and password so that you can send the same page to all your friends. So a site with a very suspicious domain name with a very suspicious login page with some very suspicious unprofessional "terms" still manages to gather a plethora of kids as well as minorities who somehow think its so funny. So what does this site do? Lets look at its terms shall we…

1. Post Bulletins about this site.
2. Invite your friends to a "group" about this site.
3. Invite your friends to a "event" about this site.
4. Comment your top friends about the site.
5. Send Messages on your Behalf about this site.
6. Create a small floating profile overlay.
7. Introduce new entertaining sites.

Basically its saying, lets spam all your friends and people you don’t know. To make it even more funny, lets spam the same person 200  times because he can’t read so he needs to know how funny this site is. So lets see, why does this site need to take over your username just to get the word across? I mean if this site was OMG SO LIEK FUNNEH, shouldn’t it be spread around through some form of manual participation. The real purpose behind this site is sketchy, first it unintentionally targets minors, secondly, there is a javascript ad for some type of casino asking if your an adult or not, and depending on the responses they both send you to the same place. Once you reach up to the final page you see the OMG SO FUNNEH picture that they want you to see. Basically it ruins your mind and your heart wondering why in the world did you ever click this. Another variation of this spam is to send you an invitation to a group, and you’ll see a beautiful mountain with trees. This beautiful mountain picture is clickable and takes up the whole page. Using some table html, they place an overlay of a clickable image to get you to go through their "omg so funny" picture of you. They claim that brand new technology now lets the computer take a picture of you without need a webcam. All YOU have to do is sit infront of the monitor and magically it takes a picture of you.

Follow these 3 Easy Steps to avoid the viruses and scams on MySpace

Don’t Click links in Bulletins and Inbox

Very easy to follow, most of the time spammers hijack a profile and send links in bulletins everytime telling you to get this or add that. Spammers know minorities can’t resist the lure of free ringtones, they know girls can’t resist adding this cool person they found the other day, they know teenagers can’t resist adult pictures…

Don’t install Programs to View a Profile

Yes all those profiles telling you that you need to install Free Myspace Viewer, or Adult Myspace Viewer, or Funny Video powered by Zango, just avoid them. I don’t care if it has a picture of Tom on it, or a picture of the Myspace Logo, don’t install it.

Login from Myspace.com Only

If you ever see a login page, just type myspace.com in your browser and login from there. Never login from another page other than that. Why? Because there are people making profiles that look exactly like login pages, and some do say "myspace.com/loginhtml" at the top, so if your ever suddenly signed out, just go straight to myspace.com. Also with the new quicktime redirection exploit, they could send you to any page made exactly like the login area of myspace.com

Myspace?????????A few days ago Myspace and SoftBank kicked off the launching of Myspace Japan. Myspace claims it has many japanese users already, so this localization attempt will make it easier for users who don’t speak english to enter into the fold. Myspace Japan can be reached by jp.myspace.com once that happens a cookie is set so that when you type myspace.com you will start to see it in Japanese. For the people who really don’t know what they are doing, you get stuck with the myspace login page and everything is Japanese. It would have been nice if they left jp.myspace.com as japanese only. To reset this cookie just click the International button and you can set your localization to the other fun areas across the globe.

A clever phishing attempt was made by registering a username that sort of looks like a html page. The username "login_home_index_html" was registered to resemble a myspace login area. The tricky part about it was that since the website was "myspace.com/login_home_index_html" it could easily fool anyone who was caught offgaurd. Netcraft broke the story first stating it was a hacked page used on Myspace’s own servers. Although that would be the worst case scenario, it was just a div layout that looked exactly like a login page except that the login would send information somewhere else. Another spam attempt was made yesterday where bots would send multiple messages to Myspace users. These bots would claim that they knew you from somewhere, and that they wanted to talk. Basically it was a lure for you to look at their obviously fake Myspace page so that you can click to install their sexywebcam.exe.

Meet Veronica, she’s a 22 year old waitress who’s new to the area, she’s looking around for some fun to chill and hang out. Meet Taylor, she’s new to the area and she’s looking for a mate in the big city. Meet Track Slut, she does track by day and is a slut at night? Apparently they all say, "Lets have some fun and get this started Hi there friends" But what they really have in common is the Myspace Adult Content Viewer. Allegedly this Adult Content viewer lets you see these scantily clad women bare it all, but before you can take a peek, you are bombarded with trojans, keyloggers, and downloaders. It add itself as a BHO (Browser Helper Object) in Internet Explorer and modifies your start page and search page. Its just another day for phishers to log your bank account passwords and bombard you with advertisments. The most common trend of these Fake Myspace Spam Girls is that they all have model or webcam pictures and provide nothing about their personalities. Its like you can somewhat tell just by looking at the picture.